Hints for implementing Trusted Boot with Linux on imx6 needed

    Hello,

    I'm working on a concept of implementing Trusted Boot with Linux on a imx6 based board board.

    The needed steps I assume are:

    1. Burn the hash of the uboot public signing keys to the imx6 eFuses
    2. Sign uboot with the private signing key and integrate the public signing to the uboot image
    3. Sign the Linux-Kernel
    4. Sign files on Rootfs (with dm-verity or Linux IMA?)

    Is this roughly correct? Have you an example already implementing Trusted Boot that you can provide me? Or can you recommend me some external resources?


    Thank you in advance,

    André Wagner

    Hello,


    yes this is roughly correct. We have done the implementation for Secure Boot on i.MX6. For further information please take a look at the following link.


    https://fs-net.de/en/software/secureboot/


    Your F&S Support Team

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.