1 1
abstractEffort

Espressobin - using trusted/secure U-Boot

Recommended Posts

Hi,

 

I am currently trying to install a secure /trusted U-Boot into the EspressoBin and got several questions for this issue.

 

I followed this manual:

https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.10/doc/mvebu/trusted_boot.txt

Regarding this manual the Flag for "efuse write BOOT_DEVICE SPINOR "has to be setup into NOR-Flash, so that the device will only boot from NOR anymore (which is a reason for security, I know). Can I skip this step, so that I do not damage the complete board?

I would choose UART for testing my encrypted bootloader.

 

I skipped the step "efuse write DEV_DEPLOY 1"  and my board doesn't boot anymore. Could this be the reason?

 

Initially, I installed my own keys for aes-256.txt and iv.txt and also generated CSK[0..F].txt,KAK.txt files (and csk[1..16].txt, kak.txt)  each with different seeds. I couldn't find any manual for this setup. Does anyone have experience with the encryption-setup of U-Boot with ATF?

 

Thanks for your help!

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
1 1