Open AI-LLM2 opened 2 months ago
DualTachyon
commented
2 months ago 
AI-LLM2
commented
2 months ago Thank you very much for your reply.
For enabling Secure Boot, only rk-usb and enable-sb.packed.bin were used. What is the purpose of rk3588_ramboot_loader_v1.12.106.bin?
When booting the system normally from DDR, what needs to be verified? Is it the rk3588_ddr_lp4_2112MHz_lp5_2400MHz_v1.16.bin, u-boot, and kernel?
DualTachyon
commented
2 months ago As I mentioned in 2) above, it is just to confirm that secure boot has been enabled. If you send normal unsigned ramboot.bin, it should fail. If you send signed ramboot.bin, it should run successfully and display some messages in UART.
For normal boot, you need to generate "idbloader" image and sign it, which is the RockChip name for image with ddr.bin + spl.bin (e.g. rk3588_spl_v1.13.bin). But under secure boot, you need to rebuild spl from source because default spl will fail to load u-boot since it is not signed.
It is a lot of effort to prepare secure-boot images that can boot to OS successfully.
AI-LLM2
commented
2 months ago Thanks for your reply. I'll try it out first. Is there a WeChat group where we can discuss further?
DualTachyon
commented
2 months ago I don't have WeChat, only Telegram.
arksunix
commented
1 month ago only Telegram.
Can you send your telegram username?
The steps mentioned above are generally correct? 1、Enable Secure Boot in MaskROM Mode: Start by enabling secure boot while the device is in MaskROM mode. 2、Verification During Power-On: Upon reboot, the system will verify the rk3588_ramboot_loader_v1.12.106.bin and the U-Boot image.
Question: 1、Do rk3588-tools and rk3588-secure-boot need to be cross-compiled to run on the RK3588? 2、What is the purpose of the file rk3588_ramboot_loader_v1.12.106.bin?