9/16/2023 0 Comments U boot yocto![]() Start editing and adding the files Edit: "arch/arm/cpu/armv7/m圆/Kconfig" M圆qsabresd_config/include/generated/autoconf.h:#define CONFIG_TARGET_MX6SABRESD 1īoard/freescale/m圆sabresd/Kconfig:if TARGET_MX6SABRESDĬonfigs/m圆dlsabresd_defconfig:CONFIG_TARGET_MX6SABRESD=yĬonfigs/m圆qsabresd_defconfig:CONFIG_TARGET_MX6SABRESD=yĬonfigs/m圆sabresd_spl_defconfig:CONFIG_TARGET_MX6SABRESD=y M圆qsabresd_config/include/config/nf:CONFIG_TARGET_MX6SABRESD=y M圆qsabresd_config/.config:CONFIG_TARGET_MX6SABRESD=y For example, in our case we look for "TARGET_MX6SABRESD":Īrch/arm/cpu/armv7/m圆/Kconfig:config TARGET_MX6SABRESDĪrch/arm/cpu/armv7/m圆/Kconfig~:config TARGET_MX6SABRESD One of the ways how to do it, is to search for files with your reference board name. You may need to figure out by yourself what everything has to be changed and added to support a new board. Therefore, there are no general instruction how to add custom support into the software. Very often, there are differences between software versions. UBoot: How to add support for OpenRex (Or your custom board) I normally also create a branch (I use the same name as the YOCTO branch): Create a new repository and put it there. We need to upload the original YOCTO u-Boot source code to our own github. pc/ is added during applying patches and we dont want to have it in github): ![]() Go on the end of the file and add following line (a folder. git:Ĭd ~/fsl-community-bsp/build/tmp/work/im圆qsabresd-poky-linux-gnueabi/u-boot-fslc/v2015.10+gitAUTOINC+1b6aee73e6-r0/git We need to do a small correction for github (because we would like to work with our own github, not the YOCTO one). Source setup-environment build //run this command in case bitbake is not found, otherwise you don't have to run it Run this to get a clean starting source code:Ĭd ~/fsl-community-bsp/ //run this command in case bitbake is not found, otherwise you don't have to run it ![]() Users can refer to the steps below to enable the secure boot (BL1 to BL2).UBoot: Upload the original YOCTO source code to githubīe sure you start with an empty meta-openrex (no patches inside). This ROM code cannot be modified, however we can enable secure boot feature through efuse settings. If the comparison succeeds, the system jumps to BL2 loader. In the meantime, BL1 decrypts the signature of BL2 loader based on RSA-2048. ![]() BL1 loads the BL2 loader and calculates the SHA-256 hash from the BL2 loader. If the comparison passed, BL1 would do signature verification in the next steps. The hash of ROTPK is compared with the one from the eFuse. The BL2 (TF-A) is verified through the following sequence of steps.īL1 loads a hash based on root of trust public key (ROTPK) from the eFuse and calculates the SHA-256 hash of that ROTPK in BL2 image. When we power-up the device, the BL1 (ROM code) is the first code run. ![]() Since DAA relies on secure boot, please follow the section Secure Boot: BL1 to BL2 to make sure that secure boot is enabled for DAA enablement. Currently, the platforms include Genio 350-EVK, Genio 700-EVK and Genio 1200-EVK. It is recommended to generate a different key for the Download Agent (DA) signing:ĭAA has been supported on all platforms. On the secure boot mechanism, Download Agent Authentication would be enabled to support download agent verification by BL1 (BootROM) through the following sequence of steps.įirst, BL1 loads auth file (auth_sv5.auth), Download Agent binary (lk.bin) and the signature (lk.sig) into SRAM.īL1 will verify the auth file based on root of trust public key (ROTPK).Īnd then BL1 will use the auth file to authenticate the Download Agent binary with the signature. You can ensure trusted Download Agent (DA) through Mediatek BootROM secure boot. If the device is hard bricked, you will need the Download Agent binary (lk.bin) to access the internal storage and download process via USB interface. The Download Agent (DA) is important to complete the flashing process. This document explain how to secure each boot transition. U-Boot (B元3) verifies Linux Kernel image with U-Boot FIT Verified Boot mechanism TF-A (BL2) verifies the B元x image (fip.bin) which includes TF-A (B元1), OP-TEE (B元2) and U-Boot (B元3) with TF-A Trusted Board Boot mechanism The BootROM verifies TF-A (BL2 image) with BROM secure boot mechanism The RoT(Root of Trusted) is Mediatek BootROM on Mediatek platform. Secure boot relies on cryptography to verify image signatures before their execution. Secure boot is a mechanism that establishes a Chain of Trust (CoT) on all system boot images. (Recommended) Build from IoT Yocto Layer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |