Well, to be honest I don’t need all those secure boot thing (HAB). I don’t need RSA encryption or signing my existing images.
I just want to make external eMMC content to be encrypted so that it can not be read by external parties. This is very a primitive, yet effective feature provided by almost every FPGA and MCUs.
The processor on the SoM has to support to burn a key which is not readable, let’s say 128bit symmetric AES key, that should be all. All data to eMMC should be encrypted and data from eMMC should decrypted automatically.