Rockchip Secure Boot Yocto integration

3300,00  (ex. VAT)

This product will implement the Secure Boot on your target Rockchip hardware through the specially crafted Yocto meta layer. The signing process will be integrated and automated as part of your standard Yocto build process.

Note that this service does not cover U-Boot hardening. If U-Boot shell is available, one may still bypass the signature verification process. If you are interested in the full boot chain protection, please consider the U-Boot hardening service as well.

Please contact us for more details or for different type of Secure Boot integration (different build system or different hardware).

Discover more related products through our trusted partners! Explore more at Nitrokey online store.

x
Category:

Description

The implementation of Secure Boot on the platform significantly increases its security by preventing the launch of an unsigned / wrongly signed firmware that is not authorized by the device provider.

In the case of Rockchip based platforms, the procedure is to enter the public key into eFUSE which allows to establish Root-of-Trust. The procedure itself may include powering the eFUSEs from external power supply, so it may be important to have board schematics before starting the implementation.

This product will implement the Secure Boot on your target Rockchip hardware through the specially crafted Yocto meta layer. The signing process will be integrated and automated as part of your standard Yocto build process. You will also receive extensive documentation containing:
– usage documentation and verification procedures,
– procedures how to generate keys and sign firmware binaries.

Features:
– verification of U-Boot
– possibility of using mainline or Rockchip U-Boot