#u-boot

Secure Boot Path: From BootROM to Userspace in ZynqMP and i.MX8

Published at July 18, 2025 ·  5 min read

🔐 Introduction Secure Boot ensures that only authenticated and untampered code runs on a system. This post walks through the secure boot process from BootROM all the way to Linux userspace, focusing on Xilinx ZynqMP and NXP i.MX8. We explain how keys are stored and verified, how FIT images are authenticated, and what protections are required even after Linux boots. 📊 Secure Boot Flow Overview The diagram below illustrates the secure boot process commonly used in embedded SoCs like Xilinx ZynqMP and NXP i....

Securing U-Boot with FIT Signature and Key Injection on ZynqMP

Published at July 17, 2025 ·  4 min read

This blog post provides a comprehensive guide to implementing secure boot with U-Boot using FIT image signatures and RSA public key injection, targeting Xilinx ZynqMP platforms such as the ZCU102. It includes theory, differences between DTB embedding methods, and a practical Yocto-based implementation. Background: FIT Signing and Public Key Injection Modern U-Boot supports signed FIT images to enforce boot-time validation of kernel and other binaries. The verification is done using an RSA public key embedded in U-Boot’s DTB....

Low Level Debug of STM32MP15c7

Published at June 21, 2021 ·  4 min read

Low-level debug of MCU may essential during the bring-up process of a new board. Especially for checking critical components like the DDR. The MCU under debubung is STM32MP157. I strongly based on the yocto build system for the SDK and the compilation and signature of the system. See here and How to configure TF for a manual build of TF-A without yocto. It can be uses the STM32_Programmer_CLI load TSV files into the EMMC....