Upon power-on reset, the ISBC executes from internal ROM. The user must prepare the boot image accordingly.
Developers typically use the following tools to implement these features as outlined in the NXP Layerscape Secure Platform documentation: atf-qoriq/docs/user-guide.rst at master - GitHub qoriq trust architecture 2.1 user guide
Provides a more intrinsic method for provisioning device-specific public/private keys, which is essential for anti-cloning and unique device identification. Upon power-on reset, the ISBC executes from internal ROM
Remember: The root of trust is only as strong as the secrecy of your private keys. Guard them as you would a physical key to your data center. Upon power-on reset
Using the CST, sign your firmware (U-Boot, RTOS, or Linux kernel) with the private key:
Before diving into procedures, familiarize yourself with these building blocks:
// boot_config.json