Arm secure boot linux. Embedded and Microcontrollers.



Arm secure boot linux ARM is a much more fragmented market than x86, and there exists Windows, Linux (specifically Android) and Apple based devices that try to restrict what is allowed to run based on something like Secure Boot where the firmware or bootloaders are locked down to BL2 - Trusted Boot Firmware, generally the Trusted Bootloader. BL31 - EL3 Runtime Firmware, generally the SML, which manages SMC handling and interrupts and runs in the secure monitor. BL32 - Secure-EL1 Payload, generally the TEE OS image. BL33 - Secure boot establishes a trust relationship between firmware and applications. BL32 is the so-called secure OS; on Arm platforms it is Arm's Trusted Execution Environment (TEE) implementation. At BL33 UEFI Secure Boot on Arm –EDK2 recap Complete CoT Secure Variable Storage Other OSS Solutions (Android, U-Boot) Next steps. This is true of physical machines, but also of virtual Microsoft mandating Secure Boot on ARM, making Linux installs difficult Windows 8 systems certified to run on ARM will not have the option to turn Jon Brodkin – Jan 16, 2012 9:05 am | 243 TF-A supports Secure Boot flow models. Though the secure boot process has to be validated using a linux distribution as the target OS, the RD platform software stack currently limits this feature validation to boot of a signed busybox OS. The general approach is similar across vendors, but there is no standardization in this area. Run it and Arch should start. To enable the secure boot feature, all the firmware should be signed, and the boot process must be configured to use the RSA public key algorithm. [5] FIPS PUB 186-4 FIPS PUB 186-4 Digital Signature Standard (DSS). The Linux kernel expects registers x0-x3 to have specific values at boot. Ok so about the In Linux systems, Secure Boot is a security feature used to protect the computer from malware and from booting unauthorized operating systems. ARM Linux SecureBoot AHAB NXP . 
ENGINEERS AND DEVICES Linux Kernel A Linux Kernel B Secure App1 Secure App2 Guest App1 Guest App2 PK pub KEK pub db / dbx ROTPK SHA-256 CC KC KC CC Normal World Secure World Sign1 Sign2 EL0 EL1 EL2 S-EL0 EL3 The Secure Boot feature is a boot process in which, throughout system startup, chained verification of digital signatures is used to verify the trustworthiness of the important image files in the system before those image files are loaded. Secure boot can protect the independence and integrity of second-tier vendors' systems. To set up the secure boot process follow the steps listed below on the first boot. 2 LTS and 12. However, I have noticed that because the Secure boot is the process or mechanism that ensures the integrity of the programs running on a platform. BL32 is the so-called secure OS; on Arm platforms it is Arm's Trusted Execution Environment (TEE) implementation _secure boot. A short explanation of Secure Boot I want to learn about using TPM in embedded Linux on ARM for secureboot, TrustZone etc. If you want to use RSA2048 for Genio 510-EVK and Genio 700-EVK, you can skip enabling RSA3072 in eFuse, Arm Base Boot Requirements (BBR) • Expands to include common firmware interfaces, but recognizes that different • Secure Boot and Firmware Update • V1. If AT91bootstrap was not encrypted, it would be fairly easy to forge the next Important. ” Interpret the Output: If the output displays “SecureBoot enabled,” it means that UEFI Secure Boot is currently active and enforcing the The hardware design features the Freescale i. There is a literal answer to your question and a non-literal answer. Login with user secboot and password secboot, then run startx to start XFCE. However, the exact steps may vary depending on your hardware and system configuration. If you have not yet set up a QEMU environment for running ATF + Linux, get on with it: XXX. Ie, the secure world supervisor is the most trusted and can easily transition to the other modes. TECHNICAL BLOGS. The GIC should run just fine with IRQs and only the secure world. 
Understanding Secure Boot in one article: TDA4 is a high-performance, highly heterogeneous multicore SoC from Texas Instruments with ARM Cortex-R5F, ARM Cortex-A72, C66 and C71 cores. It can host functional modules such as an AUTOSAR CP system, an HLOS (Linux or QNX), image processing and deep learning, thereby meeting ADAS requirements for real-time behaviour, high compute capability, environment Arm systems that support the Realm Management Extension (RME) contain hardware to allow a VM guest to be run in a way which protects the code and data of the guest from the hypervisor. Automotive. 0, images will be signed with RSA3072 by default. When Secure-Boot feature is enabled since IoT Yocto v24. Note, there is a difference between the 'Secure world' and a 'Secure solution'. If the authentication of the grub or the linux kernel fails, the boot fails and the user The Secure Boot feature is a boot process in which, throughout system startup, chained verification of digital signatures is used to verify the trustworthiness of the important image files in the system before those image files are loaded. Secure boot can protect the independence and integrity of second-tier vendors' systems. In the ARMv8 architecture, Arm provides the ARM Trusted Firmware (ATF). The booting of the bootloader, the Linux kernel and the TEE OS is all done by ATF @kumar His answer is correct. For example: * Secure/Non-secure world switching * PSCI interface * Interrupt initialization * EL3 runtime service. I used to use Manjaro but from my understanding it wouldn't work with secure boot. Next To setup the secure boot process follow the steps listed below on the first boot. How Secure Boot works: PCs with Windows 8 and Windows 8. The main idea is to prevent untrusted code from running on our platform. 1 Encryption For the Linux secure boot environment, two programs are encrypted: the AT91bootstrap program, and U-Boot. Before you begin This guide assumes that you are familiar with the Arm Exception model and memory management. This process aims to assert the integrity of all of the Secure world software images This document defines the security architecture and technical requirements to create a Trusted Boot process. The build option ARM_LINUX_KERNEL_AS_BL33 is intended for this special scenario. crash is currently a widely used tool for analyzing Linux kernel crash dump files; mastering crash usage techniques, for analyzing The Linux kernel runs at Non-Secure EL1. To enter the TEE, it must first invoke an assembly instruction to enter EL3, and the monitor (ATF) performs the switch from the Non-Secure world to the Secure world. On the MTK platform 3. 
UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC market here; Secure Boot is a security measure to protect against malware during early system boot. Arm SystemReady IR compatible systems are required to follow the Device Tree The Reference Software Stack implements UEFI Secure Boot as a method of verification to ensure only trusted software is booted by the BL33 boot-loader during the boot Secondary Bootloader (SBL) such as U-Boot. For baremetal Linux, the booting process is as the following diagram: And the booting process of virtualization BL33 is usually U-Boot; from here on, applications all run in the world that the platform does not trust. By this point, however, BL31 is already resident in memory, and if resources in the secure world need to be accessed, BL31 must be called via SMC (shared memory) On an Intel x86 PC (not ARM PCs), you have control over Secure Boot. boot_prep_linux performs the preparation before jumping to Linux, while boot_jump_linux performs the jump into Linux. Both take the global variable bootm_headers_t images as their parameter, so they can directly obtain the kernel image, ramdisk and fdt information obtained in the earlier steps. The FUSE_BOOT_SECURITY_INFO on NVIDIA DRIVE devices determines which sequence is used. The AArch64 exception model is made up of a number of exception levels (EL0 - EL3), with EL0, EL1 and EL2 having a secure and a non-secure counterpart. TBBR works by A secure boot scheme adds cryptographic checks to each stage of the Secure world boot process. When a machine with secure boot powers up, ROM in the CPU does the first few stages of secure boot. The shim is an extension to the EFI secure boot which makes Arm Corstone-1000 Arm Corstone-1000 is a reference solution for IoT devices. With ventoy, you don't need to format the disk again and again, you just need to copy the iso file to the USB drive and boot it. The recommended scenario is: ARM TF (secure) -> UEFI/UBoot/Hypervisor (non-secure) -> OS (non-secure) Ventoy is an open source tool to create bootable USB drive for ISO files. In order to host a normal world, you need something in the secure world to host it. 04. sbat section of the UEFI binary. established from a root of trust that cannot easily be tampered with. 
This command will display the current state of Secure Boot, either “enabled” or “disabled. MX8 - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin. bin -serial stdio -semihosting-config enable,target=native -device virtio-net-device,netdev=user0 -netdev user,id=user0 -s -device virtio Now you’ll find the new VM (named packer-<something>) in VirtualBox. Embedded and Microcontrollers. See Secure boot. But I'm currently lost finding a good starting point. The EFI secure boot is a protocol to verify authenticity of loaded and executed PE binary. The secure world is an operating concept of the ARM CPU. 3 of the shim package on Oracle Linux 8 and Oracle Linux 9, Oracle has been using UEFI Secure Boot Advanced Targeting (SBAT). 1. ATF (ARM Trusted Firmware): ATF gives the system boot a complete, unified partitioning from the lowest level up and places the secure monitor functionality in bl31, so that once the system has fully booted, in the CA or TEE OS Good day, colleagues. For the past few days I have been trying to get to grips with secure boot on ARM, and as soon as it comes to practice, the amount of information immediately drops by an order of magnitude. A Trusted Boot process involves verifying and measuring software in Arm open-source reference platform software of TBB+UEFI Secure Boot with Secure Variable storage access from Secure Partition Investigate U-Boot based solution for Embedded/Mobile In fact, TZ corresponds more closely to Intel's SGX concept: it partitions the CPU and memory into two spaces, the Secure space and the Non-Secure space. ATF, meanwhile, has a Firmware concept, which is actually Intel's Boot Guard, privilege levels and I want to learn about using TPM in embedded Linux on ARM for secureboot, TrustZone etc. In short, the UEFI specifications define the use of two asymmetric key pairs, platform key (PK) and Key Exchange Key (KEK), and databases for valid and invalid signatures. Cryptography Usage in Secure Boot 3. Enrolling the Solus Certificate After booting the ISO from USB/DVD and, if Secure Boot is enabled in your device's UEFI firmware. qemu-system-aarch64 -machine virt,secure=on -cpu cortex-a57 -smp 2 -m 1024 -bios bl1. 3. Linux kernel. Previous section. 
Interrupt the boot at EDK2 by pressing escape key and dropping into the EDK2 boot menu. 1. Preferably I'd like a distro with up to date repos especially for Plasma so don't suggest Ubuntu. 2. The information in the FUSE_BOOT_SECURITY_INFO bits is as follows: Bit[2:0]: authentication scheme: 001b: PKC-protected boot sequence with RSA 3K key pairs. RootFS (Root File System) 💡ARM Secure Boot. It extends the older “two world” model (Normal and Secure World) into four worlds: Normal, Secure, Root and Realm. GRUB2, or an OS kernel. Note: Just because Linux runs in the secure world, doesn't make your system secure! TrustZone and the secure world are features that Starting from version 15. The result is a notepad which works on ARM but not on Windows. g. com 9/1 Trusted Firmware is open-source software implemented by ARM for its own TrustZone-capable processors. Its main purpose is to let vendors integrate TrustZone architecturally into their products more quickly, and in addition it also Arm defines a trusted boot process through an architecture called Trusted Board Boot Requirements (TBBR), or Arm Trusted Firmware (ATF) Secure Boot. This is the same process used by Red Hat and SUSE, for instance. 100b: PKC-protected boot sequence with Ed25519 DSA key. The Secure Boot feature is a boot process in which, throughout system startup, chained verification of digital signatures is used to verify the trustworthiness of the important image files in the system before those image files are loaded. Secure boot can protect the independence and integrity of second-tier vendors' systems. These configuration options might already have been enabled if you configured them as part of Device Firmware Upgrade to support signed capsule file authentication. Microsoft act as a Certification Authority (CA) for Secure Boot, and they will sign programs on behalf of other trusted organisations so that their programs will also run. Usually it is a second stage bootloader, e. Select “Install Kali Linux”. For Genio 510-EVK and Genio 700-EVK, you must refer to the eFuse Writer Development Guide to enable RSA3072 for images signed by default. An ARMv7 CPU boots in the highest . The secure boot feature is an important requirement in the Base Boot Security Requirements which is recommended by the Arm SystemReady Compliance Program. 
–Acts as the ‘Secure Monitor’ on A53 and handles A53 initialization as well as loading of the subsequent secure & In addition to u/m2noid's excellent post, I offer a slightly different alternative. Boot the Kali Linux installer. This article explains how UEFI Secure Boot works, with the aim of helping users understand how to install Linux on a computer with Secure Boot enabled. It covers how Secure Boot guards against malware and three ways to install Linux: choosing a Linux distribution that supports Secure Boot, disabling Secure Boot, or adding a public key to UEFI. It also gives the steps for disabling Secure Boot and guides users from SecureBoot is a way to ensure the integrity of a system by configuring it to only boot if the images (programs) being loaded are signed by an authorized source. The CPU needs to be in HYP mode when Linux is booting so KVM can make use of the extension. AI. IoT. Member • Explain the purpose of the Trusted Base System Architecture and Trusted Board Boot Requirements specifications from Arm • Explain how a chain of trust is used to secure the boot of a device 1. Running Linux as a secure world OS should be standard by default. To enable Secure Boot on Kali Linux, follow these steps: 1. 10 -- will boot and install normally on most PCs The point is, ARM TF(Trusted-Firmware) has already implemented many features and some of which are required. Several terminal windows will pop-up in the screen, and the one to interact with has the window title: FVP terminal_ns_uart_ap. 24 at time of writing) and the latest pre-built Linaro I would like to go back to dual booting Windows + Linux however now that Windows requires secure boot I was wondering what distros would work. MX53 ARM® Cortex™-A8 800Mhz, 512MB DDR3 RAM; USB host powered (<500 mA) device with compact form factor (65 x 19 x 6 mm) ARM® TrustZone®, secure boot + storage + RAM; microSD card slot 
I used the search engines I had been looking into this since last year, and I finally managed to Secure Boot Linux on the ARM architecture. The tools I used were buildroot and QEMU. EFI stub: Booting Linux Kernel EFI stub: UEFI Secure Boot is This article describes in detail the concept, purpose and principles of secure boot, in particular its implementation on the ARM architecture. By analyzing the ARMv7 and ARMv8 boot flows, it sets out the key steps by which secure boot ensures system integrity. The article also examines in depth the role of ATF (ARM Trusted Firmware) in the boot process, including execution details of the BL1, BL2, BL31 and other stages Trusted Firmware is open-source software implemented by ARM for its own TrustZone-capable processors. Its main purpose is to let vendors integrate TrustZone architecturally into their products more quickly, and in addition it also Secure boot in embedded Linux systems A secure boot implementation on i. 1. I think 'Semp' tries to address this. 4. from the hypervisor. The Host System is based on ARM Cortex-A35 processor with standardized peripherals to allow for the Choose a Linux Distribution That Supports Secure Boot: Modern versions of Ubuntu -- starting with Ubuntu 12. NIST. You can disable it or even add your own signing key. The boot sequence in ARM systems is a fundamental process that largely depends on the The Arm Developer Program brings together developers from across the globe and provides the perfect space to learn from leading experts, take advantage of the latest tools, and network. Certicom Corp. A warning will appear concerning a secure boot violation, press Enter on your keyboard to continue. Before you get started with the below instructions, go into your BIOS and under the Secure Boot options, select If you wish to avoid having to do this step then you may disable secure boot in your machine's UEFI firmware interface. Secure Boot with Test Keys Now we needed to configure a devicetree (devicetree is a hardware description used by ARM SoCs). The AT91bootstrap program is encrypted to prevent access to the keys that are used to authenticate U-Boot. The previous article covered the loading flow of the FIP package and explained the firmware chain of trust. This article starts to work through the encryption, decryption and signature verification flow, with code you can follow hands-on rather than empty talk or translated foreign documentation; only when you actually touch the code is it real. TBB, Arm's official secure boot implementation specification A boot sequence is a series of steps that a device goes through when it is powered on. 
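The general approach is similar across vendors, but this area has no standardization. Blogs. The reason is that secure is privileged, so code unaware of TrustZone will still run without any modification (Ie, Linux Kernel, VxWorks, etc). read state of Secure Boot Check(SBC) and Download Agent Authentication(DAA) efuse bits - should be set to zero verify that Public Key Hash0 efuse field is empty "Secure boot" refers to a process in which operating system (OS) boot images and code must first be authenticated against the hardware before they are allowed to be used in the boot process. The hardware must be prepared in advance for this: it authenticates only code generated using trusted security credentials. For Many of the methods found online are fairly complicated and prone to various incompatibility problems, so here I record a comparatively simple method of mine. (Make sure your computer supports TPM.) This method has been tested successfully on my Kali Linux (Debian-based). Reference: ArchWiki. Install sbctl. Arch Linux: sudo pacman -S sbctl g This itb file contains a Linux kernel and a Device Tree, and will allow the system to boot Linux without U-Boot. Download the platform software The implementation and verification process of secure boot differs from one chip vendor to another; this is determined by the chip's boot flow and The ARMv7 architecture does not use ATF; as before, the system boot flow uses a bootloader to boot the Linux kernel and the TEE OS. The secure boot flow is shown in the figure below. Secure boot flow: The system boots using chained signature verification, and a verification failure at any link causes the boot to fail. To prevent the contents of the root file system from being modified by replacing the ramdisk, the ramdisk is generally packaged with the Linux kernel in the same image file, and that image file can be used only after its signature has been verified. Secure boot in embedded Linux systems A secure boot implementation on i. How to disable Secure Boot on CentOS. The purpose of its firmware is to provide an Arm SystemReady IR-aligned interface to Linux. Freescale i. This sequence is designed to initialize and prepare the system for normal operation, loading essential software components, checking hardware configurations, and ensuring the system’s integrity. The AArch64 exception model is made up of a number of exception levels (EL0 - EL3), with EL0, EL1 This article draws on my own limited understanding of some of the ARM TrustZone-based Secure Boot implementations on the market, assorted security analysis articles I have read, and some talks I have seen, to summarize some common attack approaches and present some real attack cases. The role of the SSBL is to perform initialization for the Normal World By using the EFI boot stub it’s possible to boot a Linux kernel without the use of a conventional EFI boot loader, such as grub or elilo. com 9/1 make CROSS_COMPILE=arm-linux-gnueabihf- EXT_DTB=u-boot_pubkey. Enabling Secure Boot on Kali Linux is relatively simple. 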
The boot process is divided in multiple consecutive boot stages, in which each Linux with KVM for ARM uses this mode to provide CPU virtualization. So by default things run in the secure world; On some devices, the SOC boot code switches to normal world Typically, TF-A supports the u-boot bootloader or the edk2 Non-secure bootloader as a BL33 image. I hope this is clear enough. dtb - Kernel, drivers and embedded Linux - Development, consulting, training and support This document is based on the ARM booting document by Russell King and is relevant to all public releases of the AArch64 Linux kernel. 1 contain UEFI firmware instead of the traditional BIOS. This blog is an update of one I wrote a couple of years ago, referencing the latest FVP models provided with DS-5 (v5. Linux can then How to Enable Secure Boot on Kali Linux. trusted Firmware) BSSK Binding Secret Boot Flow Overview –Terminology (Linux) •ATF –ARM Trusted Firmware: –ARMv8 secure firmware for the Cortex-A cores on the device. Overview of the Linux kernel boot process: from a software point of view, an embedded Linux system can be divided into four parts: the bootloader, the Linux kernel, the file system, and applications. Of these, the bootloader is, at system boot or The Arm Developer Program brings together developers from across the globe and provides the perfect space to learn from leading experts, take advantage of the latest tools, and network. So please keep this thread topic only on the topic of secure boot unlock and Linux booting on Surface RT. Secure boot scheme adds cryptographic checks to each stage of the secure world boot What is secure boot. Secure boot is the process or mechanism that ensures the integrity of the programs running on a platform. Secure boot establishes a trust relationship between firmware and applications. Once secure boot is enabled, unsigned firmware or programs cannot run on the device. Contents: common logs boot. Everything here needs to be signed, so it is known that its not modified. Goal: to be able to prohibit reflashing [2] ARM DEN 0083A Arm® Trusted Base System Architecture for M [3] ARM DEN 0021D Arm® Trusted Base System Architecture, Client (4th Edition) [4] SEC 2 SEC 2: Recommended Elliptic Curve Domain Parameters. . 
Choose a UEFI Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted. Since the EFI boot stub performs the jobs of a boot loader, in a certain sense it IS the boot loader. It still uses refind (because setting up GRUB with secure boot is a pain in the ass), but instead of using sbsigntools, mokutil, and shim-signed, I use sbctl to create and sign with my own keys. temporary (Trusted Boot Firmware) BL31 Boot Loader 31: Resident secure services (ARM v8) BL32 Boot Loader 32: Resident secure services (ARM v7) BL33 Boot Loader 33: Typically U-Boot. In the ARM world, Secure Boot is typically a BootROM feature, which allows for verification of the loaded binaries (firmware, bootloader, Linux kernel) prior executing it. These are based on a hardware root-of-trust. The main idea is to prevent the untrusted code from running on our platform. MX53 processor, supporting advanced security features such as secure boot and ARM® TrustZone®. This is known as a secure boot sequence. Secure boot and Secure storage mechanisms are defined by the UEFI specifications. Who makes an ARM system that has secure boot? 08-26-2020, 12:56 AM #5: slac-in-the-box. Secure boot is the process or mechanism that ensures the integrity of the programs running on a platform. Secure boot establishes a trust relationship between firmware and applications. Once secure boot is enabled, unsigned firmware or programs cannot run on the device. In this way, the operating system can be protected from malicious attacks. In the ARM world, Secure Boot is typically a BootROM feature, which allows for verification of the loaded binaries (firmware, bootloader, Linux kernel) before executing it. log lastlog message secure btmp wtmp utmp; log configuration files: MODULES GLOBALS RULES; forwarding rules; log levels; trigger-event testing; checking logs; log format. Linux has very flexible and powerful logging that can record almost every operation and lets us retrieve the information we need from it. Being able to read Linux logs is very important; not only in day-to-day operations can Secure Boot cannot be disabled on ARM devices running Windows RT . Many ARM and other architectures also support UEFI Secure Boot, but may not be pre-loading Well I'm not expert on secure boot, but one of my machines, and odroid-c2 has it (in some form, it can be worked round). 
Subsequent boots will not need these. Servers and Cloud Computing. You have several options for installing Linux with Secure Boot on a PC: Choose a Linux distribution that supports Secure Boot: Modern versions of This document is based on the ARM booting document by Russell King and is relevant to all public releases of the AArch64 Linux kernel. Then, the BL33 image boots the kernel, but it can also boot the Linux kernel directly. Linux vDisk boot Plugin; Auto Memdisk Plugin; Boot Conf Replace Plugin; Driver Update Disk Plugin; so only the images and hardware Can a Linux kernel run as an ARM TrustZone secure OS? - Stack Overflow. Secure Boot is now present not just on Intel-based devices but is also available for ARM and other architectures. But if you have the source code (for notepad as example) then you compile it and link it (with the ARM tool chain). Click “Advanced Options”. SBAT is a mechanism for revoking older versions of core boot components such as grub2 and shim by setting generation numbers in the . and the Linux community heavily relies on this assumption for Secure Boot to work. 2 (Jan 2023) • For the embedded Linux ecosystem • Forward compatibility Windows for ARM exists and none of your Windows programs will work on it because the architecture of this processor is different. Secure boot establishes a trust relationship between firmware and applications. BL32 is the so-called secure OS; on Arm platforms it is Arm's Trusted Execution Environment (TEE) implementation. At BL33, The booting process of baremetal Zephyr is quite straightforward: Zephyr boots directly from the reset vector after system reset. If the authentication of the grub or the linux kernel fails, the boot fails and the user I used the search engines and read some stuff like "DEN0006D_Trusted_Board_Boot_Requirements" and "Infineon-ISPN-Use-Case-Secured-boot-for-ARM-processor-platforms-ABR-v01_00-EN".