Hi, I’m trying to implement secure boot on an STM32MP1 without using the FIP file.

For now, I am not able to use the FIP format during the boot process, so I use a deprecated boot process with TF-A v2.2 as FSBL and U-Boot as SSBL to boot my board.

My boot process is: ROM code -> TF-A (BL2) -> SP_min (BL32) -> U-Boot (BL33) -> Linux kernel

I successfully implemented signature authentication between U-Boot and the Linux image, but between TF-A and U-Boot it’s a little bit harder.

I learned on the ST wiki how to sign my U-Boot binary with the STM32MP_SigningTool_CLI, but when I sign my binary with a custom private key, TF-A doesn’t authenticate it on boot, even though I tried to pass my key to TF-A at compilation time with the BL33_KEY argument, which I think is dedicated to FIP usage.

I found, in the TF-A sources, what I think is a development key, named "arm_rotpk_ecdsa.pem".

And when I sign my binary with this key, I am able to perform the signature check and continue my boot process. So I tried to replace this key with a custom one and recompile TF-A to update the key in the final binary, but it seems that it is not so simple.

I found yesterday that the auth_mod_init() function wasn’t called because I had forgotten the TRUSTED_BOARD_BOOT=1 compilation argument. But when I activate it, the compilation doesn’t work and I see:

"build/arm-trusted-firmware-v2.2/bl2/bl2_main.c:91: undefined reference to `auth_mod_init'"

Which traditionally happens when the linker doesn’t find the .o where the functions are implemented.

I would like to know if it is possible to implement some kind of authentication with custom keys without FIP and, if yes, where I can find some hints/resources/tutorials?

I can’t find a lot of resources about secure boot without FIP, so I hope you will be able to help me.