topic Re: Doubt regarding ahab secure boot in i.MX Processors

Doubt regarding ahab secure boot

Gorka_3 — Wed, 08 May 2024 09:03:58 GMT

Hello,

I have just take a loot at this presentation:

IoT Security: Unveiling the Power of Secure Boot, Chain of Trust and IP Protection on IoT on i.MX 9 Applications Processors | NXP Semiconductors

Regarding the secure boot at loading the secure bootloader this info is provided:

The corresponding previously created public key's fuse values are generated and flashed onto the OTP fuses.

Here a signed image is loaded and validated without ELE events.

At last, after having tested a signed image, it closes ahab.

I don't understand exactly what does ahab_close do.

Let's say that we have the fuses already burned (regarding SRK table) and now we load a signed bootloader with CONFIG_AHAB_BOOT=y in u-boot. If ahab_close is not done does it mean that the bootaloder is anyway verified but even if it does not match the signature it boots anyway? And after closing ahab does it mean that this time only properly signed images are booted?

Best regards,

Gorka.

Re: Doubt regarding ahab secure boot

Harvey021 — Thu, 09 May 2024 07:45:14 GMT

Hi,

That is correct.

Regards

Harvey

Re: Doubt regarding ahab secure boot

Gorka_3 — Thu, 09 May 2024 07:55:00 GMT

Hi,

Thank you for your reply. I have already builded a signed-flash.bin following this guide:

uboot-imx/doc/imx/ahab/guides/mx8ulp_9x_secure_boot.txt at lf-6.1.22-2.0.0 · nxp-imx/uboot-imx · GitHub

I have flashed the bootloader to an sd and booted from it. No fuses have been flashed yet so they are as if srk table is all zeroes. The ahab_status i get is as follows:

I have two questions. I see two ele events (two containers have been verified). The first one must be the global container (spl, ddr bin, ahab container and uboot+atf+tee container). It throws a bad key hash (since I haven't flash fuses yet its fine). But the second event indicates that the failure type is no authentication, does this mean that this second container haven't been signed (I am sure I have done it as in the guide is suggested)? And why there are no three events as ther eare three containers?

Re: Doubt regarding ahab secure boot

Harvey021 — Fri, 10 May 2024 03:48:31 GMT

Yes, event tells that not signed.

A container can contain one or more images which will also record events if with verification error.

Regards

Harvey

Re: Doubt regarding ahab secure boot

Gorka_3 — Fri, 10 May 2024 06:27:02 GMT

Your are right, it was not signed. Seems like there was an error in my script, now both containers throw the same bad hash error.

Anyway, I would like to test if the generated image would match the hash with the correct srk table. Isn't it any script to verify this signature check? As far as fuses cannot be overriden in imx9, I don't see other option as trusting that the signature is correctly done and that it will boot correctly.

Re: Doubt regarding ahab secure boot

Harvey021 — Mon, 13 May 2024 06:07:11 GMT

There is no such script for imx93, but you can have a try with openssl command. By the way, the SRK fuses have to be burned in case of close.

Regards

Harvey