https://community.nxp.com/t5/i-MX-Processors/AHAB-validating-signed-OS-container/m-p/1339635#M180037 <P>Hi Oliver</P> <P>&nbsp;</P> <P>answer from team:</P> <P>---------------------</P> <P>If your test chip is not closed, then even the os container authentication failed, it won't effect the kernal boot.</P> <P>For os container, you can authenticate it by "auth_cntr addr" command in uboot.</P> <P>Then after run the command, you can use ahab_status to see if there are increasing ahab events, which is caused by authenticating os container, then you can know if the os container is signed correctly or not.</P> <P>---------------------</P> <P>Best regards<BR />igor</P> Tue, 14 Sep 2021 07:47:30 GMT igorpadykov 2021-09-14T07:47:30Z https://community.nxp.com/t5/i-MX-Processors/AHAB-validating-signed-OS-container/m-p/1333220#M179445 <P>Hi there,</P><P>I've managed successfully to create signed container files that will boot (mostly following <A href="https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt" target="_blank">https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt </A>and <A href="https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt" target="_blank">https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt</A>) without any SECO events after programming the fuses.</P><P>However, when I boot the signed Linux container, it will boot even if I have signed it with the wrong keys. I haven't yet closed the device, but I would have expected some sort of warning or the like anyway. Is there any way to check whether the authentication of the kernel container was successful or not without closing the device?</P> Wed, 01 Sep 2021 11:19:20 GMT https://community.nxp.com/t5/i-MX-Processors/AHAB-validating-signed-OS-container/m-p/1333220#M179445 OlegHahm 2021-09-01T11:19:20Z https://community.nxp.com/t5/i-MX-Processors/AHAB-validating-signed-OS-container/m-p/1339635#M180037 <P>Hi Oliver</P> <P>&nbsp;</P> <P>answer from team:</P> <P>---------------------</P> <P>If your test chip is not closed, then even the os container authentication failed, it won't effect the kernal boot.</P> <P>For os container, you can authenticate it by "auth_cntr addr" command in uboot.</P> <P>Then after run the command, you can use ahab_status to see if there are increasing ahab events, which is caused by authenticating os container, then you can know if the os container is signed correctly or not.</P> <P>---------------------</P> <P>Best regards<BR />igor</P> Tue, 14 Sep 2021 07:47:30 GMT https://community.nxp.com/t5/i-MX-Processors/AHAB-validating-signed-OS-container/m-p/1339635#M180037 igorpadykov 2021-09-14T07:47:30Z