Hi all!
Thanks for clarifying about the patch and testing it!
I will bring it up internally.
Best regards,
Hi all!
Coming back here to give feedback related to the patch shared by @dobrev.
Since this patch is already available in u-boot upstream, it will not be backported to Toradex’s BSP since upcoming versions of our BSP will get this patch “for free”.
Anyways, thanks to @dobrev and @JSR for bringing this up 
Have a nice day!
I’m thinking about production fusing. Of course it should be done from Tezi. Old Tezi 1.8 supports named fuse words like
/sys/fsl_otp/HW_OCOTP_SRK0
, which are quite straight forward to construct wrapup.sh.
Newer Tezi’s have single file /sys/bus/nvmem/devices/imx-ocotp0/nvmem, which is easy to make unbootable with wrong "dd skip= " in script.
The best would be if wrapup.sh was compatible with old and new Tezi. That’s a piece of work to debug…
Hi @Edward !
Sorry, but I didn’t understand… how is your message related to this thread?
It is better to create a new thread to start a new discussion.
Best regards,
That security recipe and the “HAB” in subject is about HAB. What security recipe makes at the end at least HAB authenticated u-boot and instructions in txt file how to fuse end engage security from u-boot console. Letting production staff using not only Tezi, but as well booting into u-boot (ehh, what about u-boot hardening with cli disabled???) and copy pasting u-boot fuse command instructions from txt. This is at least error prone. Am I really off topic?
Hi @Edward !
Indeed your considerations are related to the top-level subject here (HAB, secure boot, …).
But it is better to create a new ticket when the specific topic is not the same. Not to mention that this topic is already marked as solved.
Could you please create a new topic so we can discuss your (IMO very reasonable) considerations? If you want, you can refer to this topic in your new topic.
Thank you for the comprehension
Best regards,