FAQ_MA35D1_Build and Enable Secure Boot Image
Posted: 03 Jan 2023, 14:11
First, you need to write the public and private key to OTP
Refer to UM_EN_MA35D1_NuWriter for writing key to OTP
Buildroot:
1. Enable MA35D1 Secure Boot and enter the key you want
2. Rebuild the Image
3. The otp_key.json will be generated in the folder below
4. Write the three keys to MA35D1 OTP by NuWriter
publicx, publicy, aeskey
5. Program the Image to the target board
6. Remember switch PG0 ON to enable secure boot
Yocto:
1. Edit the target board configuration
2. Rebuild the Image
3. The otp_key_sdcard.json will be generated in the folder below
4. Write the three keys to MA35D1 OTP by NuWriter
publicx, publicy, aeskey
5. Program the Image to the target board
6. Remember switch PG0 ON to enable secure boot
Refer to UM_EN_MA35D1_NuWriter for writing key to OTP
Buildroot:
1. Enable MA35D1 Secure Boot and enter the key you want
Code: Select all
$ make menuconfig
Bootloaders --->
[*] MA35D1 Secure Boot
() AES Key
() ECDSA Key
Code: Select all
$ make
Code: Select all
/buildroot/output/images/nuwriter/otp_key.json
publicx, publicy, aeskey
5. Program the Image to the target board
6. Remember switch PG0 ON to enable secure boot
Yocto:
1. Edit the target board configuration
Code: Select all
$ ~/yocto/source/meta-ma35d1/conf/machine/numaker-som-ma35d1681.conf
...
AES_KEY = “ ”
ECDSA_KEY = “ ”
...
Code: Select all
$ bitbake nvt-image-qt5
Code: Select all
~/shared/yocto/build/tmp-glibc/deploy/images/numaker-som-ma35d16a81/nuwriter/otp_key_sdcard.json
publicx, publicy, aeskey
5. Program the Image to the target board
6. Remember switch PG0 ON to enable secure boot