Archive 2025

SWUpdate: build, sign & install a minimal .swu that updates only an app + config

Published at July 26, 2025 ·  6 min read

Goal Produce a small, signed .swu that installs only a binary and its config file, with hash verification, public‑key signature, and optional Lua/postinstall hooks — and know how to fix every error you’ll hit on the way. Directory structure Below is the recommended structure of your update package. sw-description – The manifest file describing all update components. sw-description.sig – The signature of the manifest, generated after signing. app/ – Contains application binaries to be installed....

Secure Boot Path: From BootROM to Userspace in ZynqMP and i.MX8

Published at July 18, 2025 ·  5 min read

🔐 Introduction Secure Boot ensures that only authenticated and untampered code runs on a system. This post walks through the secure boot process from BootROM all the way to Linux userspace, focusing on Xilinx ZynqMP and NXP i.MX8. We explain how keys are stored and verified, how FIT images are authenticated, and what protections are required even after Linux boots. 📊 Secure Boot Flow Overview The diagram below illustrates the secure boot process commonly used in embedded SoCs like Xilinx ZynqMP and NXP i....

Securing U-Boot with FIT Signature and Key Injection on ZynqMP

Published at July 17, 2025 ·  4 min read

This blog post provides a comprehensive guide to implementing secure boot with U-Boot using FIT image signatures and RSA public key injection, targeting Xilinx ZynqMP platforms such as the ZCU102. It includes theory, differences between DTB embedding methods, and a practical Yocto-based implementation. Background: FIT Signing and Public Key Injection Modern U-Boot supports signed FIT images to enforce boot-time validation of kernel and other binaries. The verification is done using an RSA public key embedded in U-Boot’s DTB....

Installing Xen Support on Xilinx ZynqMP

Published at July 15, 2025 ·  3 min read

This blog post summarizes how to install and run Xen with Linux as Dom0 from an SD card on the ZCU102 Rev 1.1 development board by Xilinx. The method is based on a Yocto-generated build but includes a few manual adjustments to enable Xen hypervisor support without embedding it directly in the Yocto recipes. This approach is useful for debugging, experimenting with boot configurations, and staying flexible. Boot Script The following U-Boot script is used to load Xen, Linux, and the device tree blob (DTB) from the SD card....