- Ask a related questionWhat is a related question?A related question is a question created from another question. When the related question is created, it will be automatically linked to the original question.
Original question:
AM6422: HS-SE secure boot u-boot + linux stalls when encrypted
Tool/software:
Hi,
I am building firmware for TI AM64 EVM and SK. Besides UBOOT, I basically have a FIT image that includes the Linux Kernel and ROOT Files System (in CPIO InitramFs) Format. I saw in the AM64X Linux SDK 10 under UBOOT Source Code directory arch/arm/mach-k3 there is a directory namely "keys" that has private key and public certificate that one can replace with their own SMPK or BMPK, so essentially secure boot with authentication is supported out of box in the SDK.
Now my question is, in order to also support encryption in secure boot, presumably encrypting tiboot.bin, tispl.bin, u-boot.img, and cust-fw.fit (Linux, DTB, and ROOTFS), how should one modify the UBOOT and Linux Build Process, what are the proper command systax to use SMEK or BMEK to encrypt these files and under what kind of binman specifications, and for the cust-fw.fit, maybe one has to modify the UBOOT to decrypt his cust-fw.fit image right. (This image can first loaded by TFTP, but later on will be in a OSPI flash partition).
