How to test Secure Boot in Arria10 without programming any FUSE

AbhishekH · ‎06-27-2022

The documents mention "unsecured root key" that doesn't need to be stored in the device and is supposed to be present in the boot header.

But I can't find any procedure to achieve this.

EBERLAZARE_I_Intel · ‎06-30-2022

Hi,

Is this the document you are referring to?:

https://www.intel.com/content/www/us/en/docs/programmable/683060/20-4/an-759-using-secure-boot-in-soc-devices.html

AbhishekH · ‎07-01-2022

Yes

EBERLAZARE_I_Intel · ‎07-04-2022

Hi,

Please read the SoC Security Section of the Arria 10 SoC HPS TRM:

https://www.intel.com/content/www/us/en/docs/programmable/683711/21-2/soc-security.html

EBERLAZARE_I_Intel · ‎07-05-2022

Hi,

Do you have any follow-up questions?

EBERLAZARE_I_Intel · ‎07-07-2022

Hi,

Did you try to reply? I see some changes made from you on this case but no latest reply is visible in the forum.

AbhishekH · ‎07-07-2022

Hi,

Sorry for the delay. But I couldn't find the procedure to place KAK in boot header in that document. I also noticed that It's mentioned we need to get NDA to get complete document. By any chance that document has the procedure I need or are you referring to the publicly available document ?

EBERLAZARE_I_Intel · ‎07-17-2022

In the AN759. You need python and the secure boot tools (https://github.com/altera-opensource/alt-secure-boot)

python -B -E secure_boot_tools/alt-secure-boot/bin/\

alt_authtool.py sign -t user -k root_key.pem -i\

u-boot_w_dtb-single-mkimage.bin -o u-boot_w_dtb-signed.abin

The User is the Unsecure key.

EBERLAZARE_I_Intel · ‎07-19-2022

Hi,

Do you have any further questions?