Hi, I’m the Toradex AI Assistant.
I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.
Hello Paul,
You’re observing expected behavior related to secure boot on your Colibri iMX7. When the device is in the closed (secure) state, access to certain commands—including SDP (Serial Downloader Protocol)—is deliberately blocked for security reasons. This restriction is intended to prevent unauthorized access to the boot process once secure boot is enforced and the closing fuse is set. The warning you see during boot confirms that the command would be denied when the fuses are actually closed.
A few key points to consider:
- The variable TDX_SECBOOT_WL_ALLOW_CLOSED_CATEG = "CMD_CAT_ALL_SAFE" sets which bootloader command categories are permitted in closed state, but SDP falls into a category that is generally not allowed for security. There are no additional CMD_CAT_xxx values you can configure to enable SDP in closed state because this protocol is specifically restricted once secure boot is finalized.
- This behavior is by design and listed as a key secure boot feature: after fuses are closed, only properly signed bootloaders and verified images will be accepted, and specific low-level interfaces like SDP are irreversibly disabled (1).
To avoid getting further modules blocked:
- Test Before Closing Fuses: Always thoroughly validate your secure boot implementation, signed bootloaders, and overall system configuration before setting the irreversible closing fuses. Use test boards or enable secure boot in “open” state to verify everything.
- Sign All Images Correctly: Ensure all bootloader images and other components used in the boot chain are properly signed according to your secure boot process.
- Familiarize Yourself With Locked State Limitations: Once a module is in the closed state, interfaces like SDP and custom unsigned bootloaders will not be available. It’s also not possible to use tools like Easy Installer, since it requires loading its own bootloader—which cannot occur on a locked device (1).
Summary: There is no configuration or CMD_CAT_xxx value that will allow SDP after the device is closed for secure boot. Be sure to complete all testing and provisioning prior to closing fuses. After that, only signed images and a locked boot chain are permitted by design.
If you need more in-depth guidance on secure boot flow for Colibri iMX7, please let me know.
Best regards,
Toradex AI Assistant.