New ContributorThe documents mention "unsecured root key" that doesn't need to be stored in the device and is supposed to be present in the boot header.
But I can't find any procedure to achieve this.
Regular ContributorHi,
Is this the document you are referring to?:
New ContributorYes
Regular ContributorHi,
Please read the SoC Security Section of the Arria 10 SoC HPS TRM:
https://www.intel.com/content/www/us/en/docs/programmable/683711/21-2/soc-security.html
Regular ContributorHi,
Do you have any follow-up questions?
Regular ContributorHi,
Did you try to reply? I see some changes made from you on this case but no latest reply is visible in the forum.
New ContributorHi,
Sorry for the delay. But I couldn't find the procedure to place KAK in boot header in that document. I also noticed that It's mentioned we need to get NDA to get complete document. By any chance that document has the procedure I need or are you referring to the publicly available document ?
Regular ContributorIn the AN759. You need python and the secure boot tools (https://github.com/altera-opensource/alt-secure-boot)
python -B -E secure_boot_tools/alt-secure-boot/bin/\
alt_authtool.py sign -t user -k root_key.pem -i\
u-boot_w_dtb-single-mkimage.bin -o u-boot_w_dtb-signed.abin
The User is the Unsecure key.
Regular ContributorHi,
Do you have any further questions?
