Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!
Hello,
Thank you for reaching out with your question about using a TPM for secure boot on your i.MX8M Mini with Torizon OS. Currently, the secure boot implementation on Torizon OS primarily relies on eFuses to store the public keys necessary for validating the boot process. This is crucial for establishing a Chain of Trust, where each component in the boot sequence verifies the integrity and authenticity of the next.
While you have a TPM on your setup, the integration of TPM for secure boot purposes is not yet fully supported in TorizonCore Builder. As of now, the workflows for secure boot, encryption, and TPM integration are available through the Yocto Project. This means that while you can use a TPM for certain security functions, such as storing private keys or attesting boot integrity, it cannot directly replace eFuses for storing the public keys used in the secure boot process.
eFuses are used to store these keys in a manner that is immutable and tightly coupled with the hardware, which is essential for the initial stages of secure boot. The TPM, on the other hand, can enhance security by storing private keys and providing additional integrity checks, but it does not replace the need for eFuses in the current secure boot implementation.
In summary, while TPMs can complement the secure boot process by providing additional security features, they do not currently replace the role of eFuses in storing the public keys necessary for secure boot on Torizon OS. Future updates may expand the integration of TPMs, but for now, eFuses remain a necessary component for secure boot on Toradex hardware.
I hope this clarifies your query. If you have any more questions, feel free to ask.
Best regards,
Toradex AI Assistant
Please also check whether these links can help you solve your problem:
Usage of Trusted Platform Module (TPM) with verdin imx8m-mini.
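The distinction the answer draws, a fuse-rooted signature check that gates the boot versus a TPM measurement that only records it, as an added example in Go. This is not Toradex or Torizon code and not the i.MX HAB/AHAB image format; it is a minimal model with a constructed key and payloads, where `FuseHash` stands in for the hash burned into the eFuses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image models one signed boot stage: embedded vendor public key, payload, signature.
type Image struct {
	PubKey  ed25519.PublicKey
	Payload []byte
	Sig     []byte
}

// FuseHash is what would be burned into the eFuses: a hash of the trusted public key.
func FuseHash(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// SignImage is the factory-side step: sign a stage with the vendor private key.
func SignImage(priv ed25519.PrivateKey, payload []byte) Image {
	pub := priv.Public().(ed25519.PublicKey)
	return Image{PubKey: pub, Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// VerifyStage is the boot-time check each stage runs on the next: the embedded key
// must match the fused hash and the signature must be valid. No TPM is consulted.
func VerifyStage(fused [32]byte, img Image) bool {
	if sha256.Sum256(img.PubKey) != fused {
		return false // key is not the one rooted in hardware
	}
	return ed25519.Verify(img.PubKey, img.Payload, img.Sig)
}

// ExtendPCR models what a TPM adds: PCR' = SHA256(PCR || SHA256(payload)). A modified
// stage yields a different PCR that attestation can detect, but it does not block boot.
func ExtendPCR(pcr [32]byte, payload []byte) [32]byte {
	m := sha256.Sum256(payload)
	return sha256.Sum256(append(pcr[:], m[:]...))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key
	fused := FuseHash(pub)
	good := SignImage(priv, []byte("stage payload (constructed)"))
	bad := good
	bad.Payload = []byte("stage payload (modified)")
	var pcr [32]byte
	fmt.Println(VerifyStage(fused, good), VerifyStage(fused, bad), // true false
		ExtendPCR(pcr, good.Payload) != ExtendPCR(pcr, bad.Payload)) // true
}
```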