Closed sergioprado closed 5 months ago
Alright, so I was testing this before in a module with the wrong keys fused!
After fusing the correct keys in a new module, I could confirm secure boot works when OP-TEE is enabled
# fuse read 6 0 4 Reading bank 6: Word 0x00000000: b9bb8a0c 2ff6c619 79b3a9f0 9d426fe6 Verdin iMX8MP # fuse read 7 0 4 Reading bank 7: Word 0x00000000: 92523418 d01d4e2b a23ccf8c 3d794bac # hab_status Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 No HAB Events Found!
And that makes sense. The OP-TEE firmware goes to a FIT image that is being signed by the generate_csf_fit() function.
So we can safely enable OP-TEE together with secure boot. :-)
Alright, so I was testing this before in a module with the wrong keys fused!
After fusing the correct keys in a new module, I could confirm secure boot works when OP-TEE is enabled
And that makes sense. The OP-TEE firmware goes to a FIT image that is being signed by the generate_csf_fit() function.
So we can safely enable OP-TEE together with secure boot. :-)