Is there any documentation how to use secure boot?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-17 1:01 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-17 1:09 AM
Hi @Evan .1​
Did you go through this one ?
https://wiki.st.com/stm32mpu/wiki/STM32MP15_secure_boot
Hope it help
Olivier
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-17 2:16 AM
Thanks. Do I understand correctly that sercure boot is only a image authorisation method. The image itself is not encrypted. So reverse engineering the code can be done on an other device. Or replace the processor and copy the image to that device without the header.
I like some more detail.
Also can I disable jtag/debug port.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-17 6:35 AM
​Hi,
you understanding is correct.
As all the code is stored on external memories which are seen as non secure devices, the code can be hacked.
The authentication process at least ensures that modified code is not executed.
From this reason disabling the debug port doesn't help - the processor doesn't need to be involved.
BR,
Milan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-19 11:14 PM
Thanks for the reply.
I want to know if I i can I prevent cloning and reverse engineering.
I don 't see secure boot on his own very useful. So probably I'm missing the big picture.
- I possible with secure zone and secure boot. to make a protected environment. That prevent Jtag/DAP/Debug port from reading memory. and any other way of loading code in this protected envirement.
- Can I force code at startup to be stored in sysram.
- Is it possible to combine this with linux? Even if one cores run my own code in the protected environment and the other the linux environment.
Thanks for the information.
EVS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2020-01-20 8:11 AM
see also https://wiki.st.com/stm32mpu/wiki/Boot_chains_overview#STM32MP_boot_sequence
and https://wiki.st.com/stm32mpu/wiki/OP-TEE_overview
