Secure Boot Support


#1

Hi,

I wonder if there is support for secure/trusted boot on any Banana Pi board? And how to use it?


(Chema) #2

+1 Is it possible? I’m interested too for Secure IoT projects. Thanks


(ZB) #3

Hello, Bpi-W2 could support secure boot


(Chema) #4

After a little research, I managed to read the SID Key (128bits), the OEM and the temperature calibration data for the BPI-M2 Zero. The rest of the records always return “0” s.

For reading, I modified devmem2.c using memory mapping but adding a modification of “sid_read_key” from sunxi-uboot.

The problem is writing. I have implemented the “sid_program_key” too and it runs fine, but it does not do anything. It gives the same reading value (0s). I have tried with records like SN, NV1 or ROTPK_HASH.

To rule out possible paging / user space problems, I have tested directly by writing logs from u-boot (via UART Debug) and from sunxi-fel. Nothing.

I have also seen that according to the schematic of BPI M2 Zero. The pins of the fuses (VDD_EFUSE and VDD_EFUSEBP) seems to be configured but I do not know if this configuration is the correct one to be able to do OTP programming.

Any idea?

Thanks!