i.MX ProcessorsのトピックRe: How to enable secure boot for IMX8MM

How to enable secure boot for IMX8MM

Ben_Teng — Tue, 23 May 2023 06:09:07 GMT

Hello,

Currently I'm working on Enable SecureBoot, would anyone guide me and point me out what steps I missed?

Here's my step as below:

Step 1. download cst-3.3.1.tgz

Step 2. tar xvf cst-3.3.1.tgz && cd cst-3.3.1/keys

Step 3. cst-3.3.1/keys

$ echo "4242424E" > ser

$ echo "test" > key_pass.txt

$ echo "test" >> key_pass.txt

$ ./hab4_pki_tree.sh

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for Freescale's
High Assurance Boot. It generates a basic PKI tree. The PKI
tree consists of one or more Super Root Keys (SRK), with each
SRK having two subordinate keys:
+ a Command Sequence File (CSF) key
+ Image key.
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 2048
Enter PKI tree duration (years): 20
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y

Step 4. cd ../crts &&

../linux64/bin/srktool \
> -h 4 \
> -t SRK_1_2_3_4_table.bin \
> -e SRK_1_2_3_4_fuse.bin \
> -d sha256 \
> -c ./SRK1_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK2_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK3_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK4_sha256_2048_65537_v3_ca_crt.pem

Number of certificates = 4
SRK table binary filename = SRK_1_2_3_4_table.bin
SRK Fuse binary filename = SRK_1_2_3_4_fuse.bin
SRK Fuse binary dump:
SRK HASH[0] = 0xDA7CCBEB
SRK HASH[1] = 0xD7D9F573
SRK HASH[2] = 0x20DEBFD6
SRK HASH[3] = 0x0E4AAC11
SRK HASH[4] = 0xB0965A65
SRK HASH[5] = 0x1A89C7DA
SRK HASH[6] = 0x6D960E3F
SRK HASH[7] = 0xE080A6D8

Step 5. CONFIG_SECURE_BOOT=y In uboot then rebuild it.

Step 6.

$ cp imx-uboot/tools/mkimage ./imx-mkimage/iMX8M/mkimage_uboot
$ cp imx-uboot/arch/arm/dts/myb-imx8mm-base.dtb ./imx-mkimage/iMX8M/fsl-imx8mm-ddr4-evk.dtb
$ cp imx-uboot/spl/u-boot-spl.bin ./imx-mkimage/iMX8M/
$ cp imx-uboot/u-boot-nodtb.bin ./imx-mkimage/iMX8M/

# firmware-imx-8.7
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_dmem_1d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_dmem_2d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_imem_1d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_imem_2d.bin ./imx-mkimage/iMX8M/

# imx8mm-atf
$ cp imx-atf/build/imx8mm/release/bl31.bin ./imx-mkimage/iMX8M/

$ cd imx-mkimage
$ make SOC=iMX8MM clean
$ make SOC=iMX8MM flash_ddr4_evk

========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2c600
spl hab block: 0x7e0fc0 0x0 0x2c600

Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020

$ make SOC=iMX8MM print_fit_hab_ddr
./../scripts/pad_image.sh bl31.bin
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 fsl-imx8mm-ddr4-evk.dtb
0x40200000 0x5AC00 0x9BDB0
0x4029BDB0 0xF69B0 0x83B0
0x920000 0xFED60 0xA160

Step 7. Copy template from imx-uboot source code

$ cp ./myir-imx-uboot/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt cst-3.3.1

$ cp ./myir-imx-uboot/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt

Step 8. Modify Blocks in csf_spl.txt

Blocks = 0x7e0fc0 0x0 0x2c600 "flash.bin"

Step 9. Modify Blocks in csf_fit.txt

Blocks = 0x401fcdc0 0x57c00 0x1020 "flash.bin" \

0x40200000 0x5AC00 0x9BDB0 "flash.bin" \
0x4029BDB0 0xF69B0 0x83B0 "flash.bin" \
0x920000 0xFED60 0xA160 "flash.bin"

Step 10. Signed flash.bin then updating uboot

$ ../linux64/bin/cst -i csf_spl.txt -o csf_spl.bin
Install SRK
Install CSFK
Authenticate CSF
Install key
Authenticate data
CSF Processed successfully and signed data available in csf_spl.bin
$ ../linux64/bin/cst -i csf_fit.txt -o csf_fit.bin
Install SRK
Install CSFK
Authenticate CSF
Install key
Authenticate data
CSF Processed successfully and signed data available in csf_fit.bin

$ cp flash.bin signed_flash.bin

$ dd if=csf_spl.bin of=signed_flash.bin seek=$((0x2c600)) bs=1 conv=notrunc
3912+0 records in
3912+0 records out
3912 bytes (3.9 kB, 3.8 KiB) copied, 0.00899194 s, 435 kB/s
$ dd if=csf_fit.bin of=signed_flash.bin seek=$((0x58c20)) bs=1 conv=notrunc
3928+0 records in
3928+0 records out
3928 bytes (3.9 kB, 3.8 KiB) copied, 0.00964808 s, 407 kB/s

$ dd if=/tmp/signed_flash.bin of=/dev/mmcblk1 bs=1k seek=33 && sync && reboot

Step11. check hab_status

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x68

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 7 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x58

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

Step 12. fuse program

u-boot=> fuse prog 6 0 0xDA7CCBEB
u-boot=> fuse prog 6 1 0xD7D9F573
u-boot=> fuse prog 6 2 0x20DEBFD6
u-boot=> fuse prog 6 3 0x0E4AAC11
u-boot=> fuse prog 7 0 0xB0965A65
u-boot=> fuse prog 7 1 0x1A89C7DA
u-boot=> fuse prog 7 2 0x6D960E3F
u-boot=> fuse prog 7 3 0xE080A6D8

u-boot=> fuse prog 0 0 0x200

u-boot=> fuse prog 1 3 0x8000000

u-boot=> fuse prog 1 3 0x200000

u-boot=> fuse prog 1 3 0xC00000

u-boot=> reset

After resetting, iMX8MM can not bootup, could anyone help me clarify this?

I'm wondering what the correct way is or what steps I missed/wrong?

Re: How to enable secure boot for IMX8MM

Harvey021 — Mon, 29 May 2023 08:00:13 GMT

Hi @Ben_Teng

"Step 5. CONFIG_SECURE_BOOT=y In uboot then rebuild it. "

Not sure what version of U-Boot you are using. It should be CONFIG_IMX_HAB=y if you are using newer U-Boot BSP.

Best regards

Harvey

Re: How to enable secure boot for IMX8MM

Ben_Teng — Thu, 01 Jun 2023 06:20:46 GMT

Hi @Harvey021 ,

Thanks for your reply!

Currently I'm using U-Boot 2019.04.

Is it alright? Thanks again!

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Harvey021 — Thu, 01 Jun 2023 09:24:51 GMT

Can you please share both your csf files? and would be better with your signed and unsigned images.

Best regards

Harvey

Re: How to enable secure boot for IMX8MM

Ben_Teng — Fri, 02 Jun 2023 09:32:55 GMT

Hi @Harvey021 ,

Thanks for your reply!

Here's csf files and unsigned/signed images as attachment.

Thanks again!

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Harvey021 — Fri, 02 Jun 2023 14:06:25 GMT

Hi @Ben_Teng

Authenticate Data in your csf for fit should be matched as printed by print_fit_hab_ddr.

These mismatched lines marked with red as attached.

Best regards

Harvey

Re: How to enable secure boot for IMX8MM

Ben_Teng — Mon, 05 Jun 2023 03:13:18 GMT

Hi @Harvey021 ,

Thanks for your reply!

Oops! Most likely I forgot to revise it.

In this case, do I have any chance to rescue it back?

It cannot boot up due to my mistake.

Besides, would you please help me to check if my images and csf files correct or not when I rebuild it?

I would like to build it again.

Many thanks!

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Harvey021 — Mon, 05 Jun 2023 05:36:13 GMT

You can retry to sign your boot image with correct csf files. It should be no problem, I don't see your fuse operation with error which will cause chip bricked if so.

Best regards

Harvey

Re: How to enable secure boot for IMX8MM

Ben_Teng — Tue, 06 Jun 2023 07:10:28 GMT

Hi @Harvey021 ,

Thanks for your reply!

The chip still bricked, let me attach csf & image I used currently again.

Is there anything wrong?

$ build_boot.sh

include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
imx8qm clean done
include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
imx8qx clean done
Compiling mkimage_imx8
PLAT=imx8mm HDMI=no
Compiling mkimage_imx8
gcc -O2 -pipe -g -feliminate-unused-debug-types mkimage_imx8.c -o mkimage_imx8 -lz
24564+0 records in
24564+0 records out
98256 bytes (98 kB, 96 KiB) copied, 0.0506418 s, 1.9 MB/s
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 41312
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
u-boot-nodtb.bin + fsl-imx8mm-ddr4-evk.dtb are padded to 672096
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh fsl-imx8mm-ddr4-evk.dtb > u-boot-ddr4-evk.its
bl31.bin size:
41312
u-boot-nodtb.bin size:
638376
fsl-imx8mm-ddr4-evk.dtb size:
33720
./mkimage_uboot -E -p 0x3000 -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb
u-boot-ddr4-evk.its:7.11-14.5: Warning (unit_address_vs_reg): /images/uboot@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:15.9-20.5: Warning (unit_address_vs_reg): /images/fdt@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:21.9-29.5: Warning (unit_address_vs_reg): /images/atf@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:34.12-39.5: Warning (unit_address_vs_reg): /configurations/config@1: node has a unit name, but no reg property
FIT description: Configuration to load ATF before U-Boot
Created: Tue Jun 6 14:16:06 2023
Image 0 (uboot@1)
Description: U-Boot (64-bit)
Created: Tue Jun 6 14:16:06 2023
Type: Standalone Program
Compression: uncompressed
Data Size: 638376 Bytes = 623.41 KiB = 0.61 MiB
Architecture: AArch64
Load Address: 0x40200000
Entry Point: unavailable
Image 1 (fdt@1)
Description: fsl-imx8mm-ddr4-evk
Created: Tue Jun 6 14:16:06 2023
Type: Flat Device Tree
Compression: uncompressed
Data Size: 33720 Bytes = 32.93 KiB = 0.03 MiB
Architecture: Unknown Architecture
Image 2 (atf@1)
Description: ARM Trusted Firmware
Created: Tue Jun 6 14:16:06 2023
Type: Firmware
Compression: uncompressed
Data Size: 41312 Bytes = 40.34 KiB = 0.04 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0x00920000
Default Configuration: 'config@1'
Configuration 0 (config@1)
Description: fsl-imx8mm-ddr4-evk
Kernel: unavailable
Firmware: uboot@1
FDT: fdt@1
Loadables: atf@1
./mkimage_imx8 -version v1 -fit -loader u-boot-spl-ddr4.bin 0x7E1000 -second_loader u-boot-ddr4-evk.itb 0x40200000 0x60000 -out flash.bin
Platform: i.MX8M (mScale)
ROM VERSION: v1
Using FIT image
LOADER IMAGE: u-boot-spl-ddr4.bin start addr: 0x007e1000
SECOND LOADER IMAGE: u-boot-ddr4-evk.itb start addr: 0x40200000 offset: 0x00060000
Output: flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 0xd1
header.length: 0x2000
header.version: 0x41
entry: 0x7e1000
reserved1: 0x57c00
dcd_ptr: 0x0
boot_data_ptr: 0x7e0fe0
self: 0x7e0fc0
csf: 0x80d5c0
reserved2: 0x0
boot_data.start: 0x7e0bc0
boot_data.size: 0x2ea60
boot_data.plugin: 0x0
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2c600
spl hab block: 0x7e0fc0 0x0 0x2c600

Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020

imx-mkimage $ make SOC=iMX8MM print_fit_hab_ddr4
./../scripts/pad_image.sh bl31.bin
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 fsl-imx8mm-ddr4-evk.dtb
0x40200000 0x5AC00 0x9BDA8
0x4029BDA8 0xF69A8 0x83B8
0x920000 0xFED60 0xA160

Thanks again!

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Harvey021 — Wed, 07 Jun 2023 08:28:46 GMT

Can you tell more details about device bricked?

Not sure what will happen when you do fuse 1 3 0x8000000, as I see this bit reserved.

If you close device, have you compared SRK fuse with SRK table?

You can try to boot your signed image on a not-closed device.

Are you using your own script (build_boot.sh) to build uboot? then have you tried an unsigned image which can be booted on a not-closed device?

So far, I can't find problems from your csf and images.

Best regards

Harvey

Re: How to enable secure boot for IMX8MM

rudi_cyber — Wed, 07 Jun 2023 12:20:51 GMT

I use the tools in cst to parse the signed_flash.bin in secureboot_csf_image.zip and re-create the hash.

hexdump SRK_fuses.bin
0000000 cbeb da7c f573 d7d9 bfd6 20de ac11 0e4a
0000010 5a65 b096 c7da 1a89 0e3f 6d96 a6d8 e080

It is correct.

The big problem is:

You didn't follow the document in uboot-imx\doc\imx\habv4\guides\mx8m_secure_boot.txt.

The only fuse to enable the security boot on 8MM is

- Program SEC_CONFIG[1] fuse on i.MX8M family devices:

=> fuse prog 1 3 0x2000000

You didn't do that.

But you program the SRK_LOCK (fuse prog 0 0 0x200).

It is not the i.MX8MM document.

But according to my i.MX6 experience.

If the SRK_LOCK is set, even the ROM security boot cannot read the srk table.

So, you board gets bricked for ever.

Re: How to enable secure boot for IMX8MM

Ben_Teng — Fri, 09 Jun 2023 06:06:52 GMT

Hi @Harvey021 ,

I just followed the documentation.

If you close device, have you compared SRK fuse with SRK table?

-> Ah, no I didn't compared SRK fuse with SRK table.

Are you using your own script (build_boot.sh) to build uboot? then have you tried an unsigned image which can be booted on a not-closed device?

-> Yes, I use my script to build uboot, final it will generate flash.bin.

-> I can use flash.bin for good so far.

I have a question here, can we boot up the device which not be fused with signed image?

The device can boot up yet I'm not sure it is make sense or not.

Thanks

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Ben_Teng — Fri, 09 Jun 2023 06:11:13 GMT

Hi @rudi_cyber ,

Thanks for your reply,

I'll read uboot-imx\doc\imx\habv4\guides\mx8m_secure_boot.txt closely.

According to your experience, could I just only program the fuse as below?

Thanks again!

Best Regards,

Ben

Re: How to enable secure boot for IMX8MM

Ben_Teng — Fri, 09 Jun 2023 08:18:07 GMT

Hi @Harvey021 ,

I've a question about output of U-boot Command "hab_status".

I just read the document "mx8m_secure_boot.txt" a few minutes ago, it says that

"Prior to closing the device users should ensure no HAB events were found",

we should not get any HAB Event when I called "hab_status" after we programming SRK Hash, right?

In this case the command output as below means something is wrong, am I right?