6. Program the encrypted artifacts
The signed and encrypted artifacts can be flashed using standard procedures for programming a boot partition. However, in order to use any encrypted artifact, the following additional requirements must be met:
- You must use a closed device.
- The device must contain a U-Boot image encrypted with the same key in the uboot partition.
To program the linux partition containing all the encrypted artifacts:
=> update linux tftp core-image-base.boot.ubifs
To program the recovery partition containing all the encrypted artifacts:
=> update recovery tftp core-image-base.recovery.ubifs
The device now boots into a trusted Linux kernel.
PDF
