HAB signature failure on i.MX6

MickeyI — Wed, 05 Jun 2013 14:18:52 GMT

Hi,

I'm getting HAB signature failures, and I haven't found the cause yet. I'd appreciate any help in this matter.

I've added the hab_status command to u-boot, following riselab's neat documentation of HAB on i.MX6 with u-boot. The first HAB event I see when I run hab_status command is:

HAB Configuration: 0xf0 HAB State: 0x66

--------- HAB Event 1 -----------------

event data:

0xdb 0x00 0x1c 0x41 0x33 0x18 0xc0 0x00

0xca 0x00 0x14 0x00 0x02 0xc5 0x1b 0x00

0x00 0x00 0x0d 0x34 0x27 0x80 0x04 0x00

0x00 0x03 0x2c 0x00

According to the HAB API, this means a HAB Failure due to invalid signature with context of CSF (or DCD), where the start address is 0x27800400 and block length is 0x32C00. I'm using TEXT_BASE = 0x27800000.

The padded u-boot size I'm using is 0x33000 bytes, adding to this 8KB of CSF data makes u-boot-signed-pad.bin size 0x35000 bytes.

The IVT (and boot_data struct) in the u-boot image, at offset 0x400 is:

00000400 d1 00 20 40 20 08 80 27 00 00 00 00 2c 04 80 27 |.. @ ..'....,..'|

00000410 20 04 80 27 00 04 80 27 00 30 83 27 00 00 00 00 | ..'...'.0.'....|

00000420 00 00 80 27 00 50 03 00 00 00 00 00 d2 03 f0 40 |...'.P.........@|

I can see the u-boot's data on address 0x27800820, and it's the same as the data in u-boot's 0x820 offset.

However, there's no trace of the IVT on address 0x27800400:

U-Boot > md 0x27800400 0xc

27800400: 00000000 00000000 00000000 00000000 ................

27800410: 00000000 00000000 00000000 00000000 ................

27800420: 00000000 00000000 00000000 00000000 ................

A couple of questions:

1. What is the value that the HAB event data of the 5th word (0x00 0x00 0x0d 0x34) means? It says in the HAB API example that this is a "signature start address (relative offset from CSF address in IVT)". This puts is on address of 0x33d34. is that the signature of the CSF file? What's its size? 256 bits? Is that suppose to match the SRK[255:0] OTP fuse values?

2. How do I see the link between the SRK hash I burned and the CSF signature?

3. Why doesn't 0x27800400 contain the IVT, as exists on offset 0x400 in the u-boot.bin file?

4. How do I get HAB to work correctly? what am I missing here? :smileyhappy:

Thanks,

Mickey.

More details:

HAB Configuration: 0xf0 HAB State: 0x66

--------- HAB Event 1 -----------------

event data:

0xdb 0x00 0x1c 0x41 0x33 0x18 0xc0 0x00

0xca 0x00 0x14 0x00 0x02 0xc5 0x1b 0x00

0x00 0x00 0x0d 0x34 0x27 0x80 0x04 0x00

0x00 0x03 0x2c 0x00

--------- HAB Event 2 -----------------

event data:

0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x00

0x00 0x00 0x00 0x20

--------- HAB Event 3 -----------------

event data:

0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x2c

0x00 0x00 0x03 0xf0

--------- HAB Event 4 -----------------

event data:

0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x20

0x00 0x00 0x00 0x01

--------- HAB Event 5 -----------------

event data:

0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

0x00 0x00 0x00 0x00 0x27 0x80 0x08 0x20

0x00 0x00 0x00 0x04

CSF file used:

[Header]

Version = 4.0

Hash Algorithm = sha256

Engine = ANY

Engine Configuration = 0

Certificate Format = X509

Signature Format = CMS

[Install SRK]

File = "../crts/SRK_1_2_3_4_table.bin"

Source index = 0

[Install CSFK]

File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]

Verification index = 0

Target index = 2

File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]

Verification index = 2

Engine = ANY

Blocks = 0x27800400 0x400 0x32C00 "/my/path/to/u-boot/u-boot-pad.bin"

Re: HAB signature failure on i.MX6

Yuri — Fri, 02 Aug 2013 09:43:36 GMT

The following may be useful.

https://community.freescale.com/message/332405#332405

i.MX Processors中的主题 Re: HAB signature failure on i.MX6

HAB signature failure on i.MX6

Re: HAB signature failure on i.MX6