2022-04-30, 06:36
Did you ever check if the encrypted bootloader prevents coreelec from booting from the sd card as well as the emmc?
Reading the datasheet for the aml 922, it seems to imply that the bootrom can still boot a non-encrypted bootloader even after an aes key has been burned in an bootrom efuse.
So, once the otp aes key has been burned, only a bootloader encrypted with that key will ever be able to be decrypted, but a non-encrypted bootloader might still boot?
That is what I gleaned from reading the datasheet but I have no experience in practice. Perhaps only an encrypted bootloader will ever be able to boot once the efuse(s) are burned with the key?
I'd rather boot from the emmc but if nodody has tested that with the encrypted bootloader, has anyone tested booting from the sd card when the emmc has an encrypted bootloader?
Reading the datasheet for the aml 922, it seems to imply that the bootrom can still boot a non-encrypted bootloader even after an aes key has been burned in an bootrom efuse.
So, once the otp aes key has been burned, only a bootloader encrypted with that key will ever be able to be decrypted, but a non-encrypted bootloader might still boot?
That is what I gleaned from reading the datasheet but I have no experience in practice. Perhaps only an encrypted bootloader will ever be able to boot once the efuse(s) are burned with the key?
I'd rather boot from the emmc but if nodody has tested that with the encrypted bootloader, has anyone tested booting from the sd card when the emmc has an encrypted bootloader?