Although securing the device involves programming the hash of a table of eight public key hashes into the OTP bits, only one key (number 0 by default) is used in the secure boot process. If this key gets compromised, you can revoke it and use a different key.

Revoking a key is an irreversible process.

To revoke a key use the following key index for the signature of firmware images by setting TRUSTFENCE_KEY_INDEX in your conf/local.conf project configuration file as follows:


where N (range 0..8) is the key index to use.

Using index N automatically revokes all keys below it (from N-1 to 0).

Build your project image normally:

$ bitbake core-image-base

Revocation becomes effective on the device when you program the boot artifacts and boot it for the first time.