[U-Boot] Secure Boot Mode on rk3288 Radxa Rock2

Sjoerd Simons sjoerd.simons at collabora.co.uk
Wed Dec 9 09:16:05 CET 2015


Hey Geoff

On Mon, 2015-12-07 at 22:13 -0500, Geoff Cleary wrote:
> We have successfully built u-boot loader for rk3288 from the rock_bsp
> repository here:
> https://github.com/radxa/rock-bsp.git

The u-boot loader in the radxa/rockchip BSP is a vendor fork of an old
mainline u-boot. This list is about mainline u-boot :)

> We were able to create keys and sign the loader image using
> the secureBootConsole tool we found here:
> https://bitbucket.org/T-Firefly/firefly-rk3288/src/45fb49ab0f41/RKToo
> ls/linux/Linux_SecureBoot/?at=pad
> 
> After using the "upgrade_tool" to flash the loader image to the
> rk3288, the
> new u-boot announces itself. It reports this rather than 0 and 0...
> 
> SecureBootEn = 1, SecureBootLock = 1
> :
> :
> Secure Boot Mode: 0x0
> ====================
> 
> QUESTION
> ========
> 
> What is the process necessary to set the Efuse to the appropriate
> hash
> based on the public key, so that the loader will run in Secure Boot
> Mode?
> 
> We assume this is the necessary step to be able to read the larger
> Efuse
> (available in Secure Mode only)?

-- 
Sjoerd Simons
Collabora Ltd.


More information about the U-Boot mailing list