Although securing the device involves programming the hash of a table of eight public key hashes into the OTP bits, only one key (number 0 by default) is used in the secure boot process. If this key gets compromised, you can revoke it and use a different key.
Revoking a key is an irreversible process. |
To revoke a key use the following key index for the signature of firmware images by setting TRUSTFENCE_KEY_INDEX
in your conf/local.conf
project configuration file as follows:
TRUSTFENCE_KEY_INDEX = "N"
where N (range 0..8) is the key index to use.
Using index N automatically revokes all keys below it (from N-1 to 0). |
Build your project image normally:
$ bitbake core-image-base
Revocation becomes effective on the device when you program the boot artifacts and boot it for the first time.