Tool/software:
Hi,
We would like to confirm the following regarding the AM64x device.
Q1: Is it possible to implement secure boot and digital certificate verification with the AM64x + WolfBoot configuration? Can this setup serve as a technically viable basis for CRA (Cyber Resilience Act) compliance?
→ Our understanding is that using the HS (High Security) variant of the AM64x enables hardware-based secure boot (signature verification via ROM code) and key management features (e.g., eFUSE/PK-HASH). This allows secure boot to be implemented solely with the SoC. WolfBoot can enhance this by supporting OTA updates. However, CRA compliance ultimately depends on the broader system design and operational processes, not just the SoC.
Q2: Is it necessary to use the HS-SE variant instead of FS to support encrypted firmware updates (encryption/decryption)?
→ Our understanding is that FS (Functional Safety) variants have limited security functions and do not support full secure boot or firmware encryption features. Therefore, to support secure firmware updates with encryption/decryption, the HS-SE variant is required.
Could you please confirm whether our understanding is correct?
Thanks,
Conor
