iMX6 secure boot HAB verification issue

afilippov — Fri, 07 Jun 2024 14:56:34 GMT

Hi everyone!

I faced with strange behavior of HAB and can't figure out where the mistake is.

So, here I have an already pre-generated key infrastructure and a signed u-boot image (legacy) which is left from the previous development (lets call it IMAGE 1). This image is designed to be uploaded via Serial Downloader (USB). After burning the fuses and checking the hab_status function in u-boot IMAGE 1, I have only one hab event (a warning) which, I believe, don't relate to the problem.

Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x42 0x69 0x30 0xe1 0x1d
0x00 0x04 0x00 0x02 0x40 0x00 0x36 0x06
0x55 0x55 0x00 0x03 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x01
STS = HAB_WARNING (0x69)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_ENTRY (0xE1)
ENG = HAB_ENG_CAAM (0x1D)

So HAB verification seems to pass smoothly here with IMAGE 1.

I don't know how exactly IMAGE 1 was signed, so I reversed this image with csf_parser tool from cst 3.4.0 packet.
Based on parsed output from csf_parser I've created a .csf file and signed my own u-boot image using it (lets call it IMAGE 2).
The contents of .csf is below:

[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "/home/faa/Workspace/nxp/secure_boot/cst-dev/SRK_1_2_3_4_table.bin"
Source index = 0 # Index of the key location in the SRK table to be installed
[Install CSFK]
# Key used to authenticate the CSF data
File = "/home/faa/Workspace/nxp/secure_boot/cst-dev/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "/home/faa/Workspace/nxp/secure_boot/cst-dev/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x177ff400 0x000000 0x67c00 "/home/faa/Workspace/nxp/secure_boot/test_signing/u-boot.imx", \
0x910000 0x00002c 0x318 "/home/faa/Workspace/nxp/secure_boot/test_signing/u-boot.imx"
[Unlock]
Engine = CAAM
Features = RNG

After calling hab_status in u-boot IMAGE 2 I see a plenty of HAB_FAILUREs.

Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x42 0x69 0x30 0xe1 0x1d
0x00 0x04 0x00 0x02 0x40 0x00 0x36 0x06
0x55 0x55 0x00 0x03 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x01
STS = HAB_WARNING (0x69)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_ENTRY (0xE1)
ENG = HAB_ENG_CAAM (0x1D)

--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x24 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0x00 0x00
0x00 0x00 0x13 0x40 0x17 0x7f 0xf4 0x00
0x00 0x06 0x7c 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x03 0x18
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x03 0x18
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

I reversed IMAGE 2 using csf_parser tool and compared cert0.der, cert1.der and SRKTable.bin files with IMAGE 1 output. There are no differences.

faa@anton:~/Workspace/nxp/secure_boot/csf_parser_dir$ diff ./work/SRKTable.bin ./not_work/SRKTable.bin
faa@anton:~/Workspace/nxp/secure_boot/csf_parser_dir$ diff ./work/cert0.der ./not_work/cert0.der
faa@anton:~/Workspace/nxp/secure_boot/csf_parser_dir$ diff ./work/cert1.der ./not_work/cert1.der

So I'm sure that I used exactly the same set of keys to sign IMAGE 2 that IMAGE 1 was signed.

In the debug_log.txt file for both images the only difference is in the signatures itself, but it's OK for digital signatures, as far as I know.

I checked the Fuses table too after manually generating it via srktool using SRK certificates and it matches to the fuses value.

So my question is where did I go wrong and how is it possible?

Re: iMX6 secure boot HAB verification issue

kef2 — Sat, 08 Jun 2024 05:43:54 GMT

Since it is your custom U-Boot, I guess binary size doesn't match size of your former U-Boot. As well size of DCD may be little different. Both size mismatches would break authentication. Make sure whole "Blocks = " record matches your image.

Re: iMX6 secure boot HAB verification issue

afilippov — Mon, 10 Jun 2024 10:48:05 GMT

I've already checked this and for my case binary size and DCD size are similar. And even more: DCDs are equal for IMAGE 1 and IMAGE 2 (they are running on the same board).
So this is not the key to this problem (

Re: iMX6 secure boot HAB verification issue

kef2 — Tue, 11 Jun 2024 09:35:58 GMT

So certificates are the same, image IVT and Boot Data structs are the same, and still no go?

Are you using uuu or imxusb to boot over USB? AFAIK uuu needs no other manipulations, just running cst with csf file containing additional Blocks= record for DCD in SRAM. imxusb additionally requires signing image with cleared DCD pointer in IVT. You HAB event 2 seems mentioning SRAM area @ 910000

--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x24 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0x00 0x00
0x00 0x00 0x13 0x40 0x17 0x7f 0xf4 0x00
0x00 0x06 0x7c 0x00**0x00 0x91 0x00 0x00**
0x00 0x00 0x03 0x18

Some iMX6's need programmed SRK fuses. Newer IC's allow testing HAB signing with blank SRK fuses.

Re: iMX6 secure boot HAB verification issue

afilippov — Tue, 18 Jun 2024 12:17:42 GMT

Looking to this HAB Event 2 I figured out that the problem is with key with index 2.

--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x24 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0x00 0x00
0x00 0x00 0x13 0x40 0x17 0x7f 0xf4 0x00
0x00 0x06 0x7c 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x03 0x18

Cause according to HAB4 RM the first byte of the 4-th word contains key index.

That's why I assume that here we have successfully passed SRK table verification, CSF key installation, IMG key installation, CSF verification and failed during [Authenticate Data] command.

But I still can't understand where is the mistake:(

P.S
Answering your question: I use uuu to uppload u-boot image

topic Re: iMX6 secure boot HAB verification issue in i.MX Processors

iMX6 secure boot HAB verification issue

Re: iMX6 secure boot HAB verification issue

Re: iMX6 secure boot HAB verification issue

Re: iMX6 secure boot HAB verification issue

Re: iMX6 secure boot HAB verification issue