Hi,
I am currently trying to install a secure /trusted U-Boot into the EspressoBin and got several questions for this issue.
I followed this manual:
https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.10/doc/mvebu/trusted_boot.txt
Regarding this manual the Flag for "efuse write BOOT_DEVICE SPINOR "has to be setup into NOR-Flash, so that the device will only boot from NOR anymore (which is a reason for security, I know). Can I skip this step, so that I do not damage the complete board?
I would choose UART for testing my encrypted bootloader.
I skipped the step "efuse write DEV_DEPLOY 1" and my board doesn't boot anymore. Could this be the reason?
Initially, I installed my own keys for aes-256.txt and iv.txt and also generated CSK[0..F].txt,KAK.txt files (and csk[1..16].txt, kak.txt) each with different seeds. I couldn't find any manual for this setup. Does anyone have experience with the encryption-setup of U-Boot with ATF?
Thanks for your help!