1 1

Espressobin - using trusted/secure U-Boot

Recommended Posts



I am currently trying to install a secure /trusted U-Boot into the EspressoBin and got several questions for this issue.


I followed this manual:


Regarding this manual the Flag for "efuse write BOOT_DEVICE SPINOR "has to be setup into NOR-Flash, so that the device will only boot from NOR anymore (which is a reason for security, I know). Can I skip this step, so that I do not damage the complete board?

I would choose UART for testing my encrypted bootloader.


I skipped the step "efuse write DEV_DEPLOY 1"  and my board doesn't boot anymore. Could this be the reason?


Initially, I installed my own keys for aes-256.txt and iv.txt and also generated CSK[0..F].txt,KAK.txt files (and csk[1..16].txt, kak.txt)  each with different seeds. I couldn't find any manual for this setup. Does anyone have experience with the encryption-setup of U-Boot with ATF?


Thanks for your help!


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
1 1