Dear TI support team,
I hope this Email finds you well.
I am currently working on implementing secure boot in embedded Linux on AM6231 processors, utilizing SHA256 and ECDSA digital signature algorithms. I have a few questions regarding the process, and I would greatly appreciate your assistance in clarifying these points:
- Storage and Security of Root Public Key:
- How is the root public key stored and secured in the AM6231 processor?
- Does this process require any special environment or considerations?
- Changing or Updating the Root Public Key:
- Is it possible to change or update the root public key?
- If so, what is the procedure for doing so?
- Boot Process and Signature Verification in ROM Code:
- How does the ROM code boot the U-Boot?
- Is there any signature verification involved in this process, and if yes, where is it stored?
- Signature Verification during U-Boot Booting:
- When U-Boot loads the kernel image, is there any signature verification performed?
- If verification is conducted, where is the verification process stored?
- Verification of Additional Packages in Root File System:
- After the kernel is loaded and enters the root file system, is there any verification process for additional packages?
- If verification exists, how is it implemented?
I understand that these questions may require detailed explanations, and any insights or documentation you can provide would be immensely helpful for our project
Thank you very much for your attention to this matter. I look forward to your response.
Warm regards,
Binson Binoy
