The signed bootloader images can be flashed like any other U-Boot image (see Re-program U-Boot in the eMMC), for example:
=> update uboot tftp u-boot-ccimx8xsbcpro-trusty-signed.imx| Flashing a signed U-Boot does not enable any security features in the target. See 7. Secure the device to learn how to close your device to only boot signed bootloader images. |
Reset the device, and check the result of command trustfence status:
=> reset
(...)
=> trustfence status
* SRK fuses: [NOT PROGRAMMED]
Key 0: [OK]
Key 1: [OK]
Key 2: [OK]
Key 3: [OK]
* Secure boot: [OPEN]
* AHAB events: [ERRORS PRESENT!]The output shows the device has security events.
Get more information about the AHAB events with command ahab_status:
=> ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087FA00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_KEY_HASH_IND (0xFA)
sc_seco_get_event: idx: 1, res:3For the command field (CMD), the expected value at this step is 0x87 (ID for AHAB_AUTH_CONTAINER_REQ).
The indicator field (IND) shows the code AHAB_BAD_KEY_HASH_IND (0xFA) because the key hash verification does not match the current OTPs.
Once the OTP SRK hash fuses are programmed on the target OTPs, the AHAB events will no longer have errors.
See the NXP secure boot application notes for more information on event decoding.
