12/21/2023 0 Comments U boot tutorial pdf![]() Select ‘ARM architecture’ -> ‘Support i.MX HAB features’ ~/u-boot-im圆$ export CROSS_COMPILE=arm-linux-gnueabihf. Note: I originally followed boundary device’s HAB blog which instructed to compile u-boot 2016, and then decided to compile a more recent version instead.ĭownload and compile ~$ git clone -b boundary-v2018.07 of the im圆q reference manual says the fuse address starts at 0x580įrom board’s u-boot prompt => fuse prog -y 3 0 0xDD1F4F0FĮach value is 32bits x 8 = 256bit hash Build u-boot boundary-v2018.07 ![]() Using the knowledge from above, let’s plug-in the fuse address for burning the SRK (super root key) hash. One Time Program of a SHA256 of Four RSA public keys TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 Python code to calculate MAC_ADDR bank and ifconfig eth0Įth0 Link encap:Ethernet HWaddr 00:19:B8:06:92:8D (0圆20 – 0x400)/0x10 = 0x22 Hexadecimal = 34 DecimalĪs the fuses are arranged in banks of 8 words:ģ4 / 8 = 4 and the remainder is 2, so in this case: On the i.MX6Q The MAC address is located at 0圆20 (Lower MAC address) and 0圆30 (Upper MAC address), the following example in U-Boot documentation can be used for calculating the bank and word for the Lower MAC address. Now extended partitions $ sudo sfdisk /dev/sdb Īs an example sanity check, we will read the mac address of our imx Restore sdcard backup First restore partition tables $ sudo dd if=parti-backup/backup-sdb.mbr of=/dev/sdb Rest of steps can be followed using HAB tutorial.Ĭreate fuse table and binary to be flashed to imx fuses. $ echo “ee669fb8ee669fb8” > serial$ echo “SUPER_SECURE_SECRET” > key_pass.txt$ echo “SUPER_SECURE_SECRET” > key_pass.txt$. Serial number can be read from im圆 On-Chip OTP Controller.įrom im圆 console run cat /sys/fsl_otp/HW_OCOTP_CFG0įrom build system, set certificate serial using cpu uid, set CA passphrase to protect code signing private key, and generate certs $ cd keys I used the Trendnet TU-S9 usb to rs232 cable to connect with no issues. The board comes with an rs232 cable for tty access and is enabled in uboot and linux. Might have to press ctl-alt-f5 to get login prompt ![]() We need to disable qt gui startup from systemd.ĭelete /media/mkocbayi/c1a350a8-ddfb-4d54-8f9f-56b0cbfab55c/etc/systemd/system//rvice Get a working terminal on boundary devices’ shipped sdcard with Linux. SoC MCiMX6Q6AVT10AC Arm Cortex-A9 Quad core 1GB DDR3 RamĬomes with Linux pre-installed on sdcard. This guide also doesn’t cover encrypting your firmware. Basically protect any artifacts that are involved in the boot process and running of the OSĭisclaimer: These are just some of my notes and should not be used in any production systems without due caution and validation for accuracy.Strip the uboot binary down to the basic feature required.Disable any external scripts from loading.prevent the system from booting from arbitrary RAM location.blowing fuses to prevent debug interfaces.A number of other steps will need to be included, such as The steps described here alone will not prevent you system from running untrusted code. I won’t cover the purpose of secure boot or the chain of trust. ![]() I hope this helps to fill in some of those gaps. The guide above is out of date, and missing information. These notes are based on Boundary Device’s blog on implementing HAB on an im圆 SoC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |