MTK Secure Boot Use process summary

Objective: In the actual production process, we do not like our own mobile phone or tablet ROM whether it is the system part or other parts of the disturbed good people to brush the other third-party ROM pre-built spam. So this is the thing that integrates the chip encryption.

Here are some of the steps and points that you have summed up in your learning process.

[Security]software_secure_boot_introduction.pdf

1. Why do you want to do this process?
For the WV LEVEL3 for DRM contents ' protection
2.Software Secure Boot
Only certified software can boot
Secro image controls all download and boot check
When locked Secro is downloaded, format and other operations will not be executed.
Brom operation will be permanently banned
DA needs to check Preloader
The steps for lock and UNLOCK are either lock Secro or UNLOCK secro image
3. When a machine has been downloaded locked secro, then the behavior is divided into three kinds
Default locked Secro (the two types of behavioral difference tables have some doubts) (developers use, can format,download)
Factory Locked (Factory upgrade Secro, so that users can not format,download preloader, only download signed image)
Unlock Secro
4. Configure a signed DA and Flash tool PAGE20
5. Note the update Secro to Factory mode in the factory process. If you are using the MDT tool, you need to upgrade P22
Note unsigned loader and signed loader with the same user name

mtk_sw_secure_boot_customization_notes.pdf
1.Sign da Process
2. Impact on OTA
Some limitations of 3.MDT tools: Factory Lock cannot use MDT to format, Flash tool can
4.authenitcation.dll
5.Sign Modem
6. Simple and customized process
(1) Read software_secure_boot_customization (1). pdf
(2) Read mtk_sw_secure_boot_customization_notes.pdf
(3) Generate the public key (note that there are spaces on both sides of the = sign)
(4) Signature of Da
(5) Compiling software
(x) Ensure proper configuration
(x) using key pairs
(x) Copy all files out
(x) Generate checksum for MDT tool
(x) Modify the Flash/mdt tool to fit

customized_secure_image_support** Key Content * *
1.MTK only supports OTA upgrade of partial image
2. If you have a custom partition, see the document

software_secure_boot_customization (1). pdf
1. Functions (Secure download check, boot check, version check, lock support (user restrictions for some operations such as format,download, etc.), unlock support)
2.Build Command List P9
3.Image Path P9
4. Methods for compiling different versions P10
5.BROM needs to check if the DA is encrypted, but this requires secure chip, so the non-secure chip needs to shut down Brom. Only use Preloader download mode (not modified, MP stage disable) after closing
6. Set up key library, MTK defined key is best changed; DA's key file requires source P15
7.Customer name modification, second item 6589 whether you need to modify bin P19
8.Version modification, front and rear versions cannot be rolled back, note that this version only needs to change if there is a serious problem, UI modification does not need P20
9.DA compilation do not know where the source code, how to edit
10. Modify the contents of the Flash tool P23
11.2.8.2 indicates the development of the compilation process
12.SECRO Introduction, the inside of the configuration, Secro is always able to download, he is the core.
13. If you are already a Factory mode machine and want format or download pl, you need to change the contents of the Secro image and sign download P42
14. How to generate RSA's own key P43
Private key OpenSSL genrsa-out Private.pem 1024
Public key OpenSSL rsa-text-in Private.pem-pubout in the MTK routine release tool has included Da Customization_kit_buildspec available to update da signature.
(such as W1348_full.zip\brom DLL and DA customization Kit (binary) \flashlib_da_exe_v7.1348.00.000.zip\flashlib_da_exe_ V7.1348.00.000\bin\customization_kit_buildspec.zip)