On a meeting with a potential client, we got asked about the capabilities of secure boot in the iMX8. To my knowledge, secure boot is a UEFI verification where any binary loaded at boot needs to be validated against known keys, so I don't really know how this could be applied to us in our former SPL + U-Boot based booting.
However, checking the iMX8 page, some interesting comments were made regarding the ATF (ARM Trusted Firmware), and after checking a bit more on this, it looks like a similar idea, but I'm not sure. Could we tell the customers that we offer Secure Boot through ARM Trusted Firmware? Can customers sign their own firmware to avoid others being booted? I can understand the concern about running custom firmware on their devices.
Thanks and best regards,