Secure boot for Basic PG2

[SCordibella]

Hi All, I am working on IoT 2050 Basic PG2 and I want to enable disk encryption.

Starting from the "Example image with SWUpdate support" it is possible to enable secure boot and encryption. It is not clear to me which steps are needed to implement a "real" case (ie: change the default keys) and if I need to explicitly create a firmware image or if it is already made by the example image. Since I am working with the Basic version without eMMC I suppsoe that is not require to provision OTP in hardware.

Are there any documentation about the intended flow?

Best regards, Stefano.

[jan-kiszka]

Before going into details: The Basic variant does not support secure booting. The SOC used there does not validate the firmware it loads, thus you cannot establish a root of trust. You would need one of the Advanced variants. For them, there is also this manual: https://support.industry.siemens.com/cs/document/109818783/iot2050-secure-boot?dti=0&lc=en-DE

[SCordibella]

Thank you @jan-kiszka it was not clear to me that IoT 2050 Basic doesn't support secure boot. Also thanks a lot for the document.