topic Re: imx6 secure boot with encryption in i.MX Processors

imx6 secure boot with encryption

friederbaumgrat — Thu, 27 Oct 2016 13:13:39 GMT

Dear NXP community,

I have a board with an imx6 processor set in closed configuration (for secure boot).

Signing an image (or more) works perfectly fine.

Now I want to encrypt an image. That's where all the trouble begins.

First of all, I have to mention, that I don't want to encrypt the first image loaded after the ROM boot loader, but that shouldn't be a problem (or am I wrong?).

In order to use the encryption with the Code Signing Tool provided by nxp, I linked the tool with following commands:

cd ~/cst-2.3.2

gcc -o cst_encrypt -I ../hdr -L ../../../linux64/lib *.c -lfrontend -lcrypto

There were no errors reported.

Now the tool is able to encrypt my image.

After this I created a command sequence file with following content:

----- Beginn file.csf -----

[Header]
    Version = 4.1
    Hash Algorithm = sha256
    Certificate Format = X509
    Signature Format = CMS
    Engine = ANY
    Engine Configuration = 0
[Install SRK]
    File = "./crts/SRK_Table.bin"
    Source index = 0
[Install CSFK]
    File = "./crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
    Engine = CAAM
    Features = RNG
[Install Key]
    File = "./crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
    Verification index = 0
    Target index = 2
[Authenticate Data]
    Verification index = 2
     Blocks = 0x10100000 0x0 0x1000 "image_to_be_encrypted"
[Install Secret Key]
    Verification index = 0
    Target index = 0
    Key = "dek.bin"
    Key Length = 256
    Blob address = 0x1017FFA0
[Decrypt Data]
    Verification index = 0
    Mac Bytes = 16
    Blocks = 0x10101000 0x1000 0xF000 "image_to_be_encrypted"

----- end file.csf -----

Now I am running:

./linux64/cst_encrypt --o encrypted.bin --i file.csf --cert ./crts/dek_protection_key.pem

The output is my signed and encrypted image. After this, I transfer the generated dek.bin to the imx6 board and create the key using the dek_blob function provided by uboot.

This output is attached to the image at the address 0x1017FFA0 and then padded to 0x80000.

When I transfer the image to my board, I have a little check function which checks whether the image is signed or not.

For this function I use the HAB function hab_status_t(* hab_rvt::run_csf)(const uint8_t *csf, uint8_t cid).

Using this function, I get no errors, but when I want to save the image I get this HAB event:

HAB Configuration: 0xcc HAB State: 0x99

---------- HAB EVENT 1 ----------
event data:
0xdb 0x00 0x1c 0x41 0x33 0x18 0xc0 0x1d
0xca 0x00 0x14 0x00 0x00 0xa3 0x00 0x00
0x00 0x00 0x0f 0x64 0x10 0x10 0x10 0x00
0x00 0x00 0xf0 0x00

I am pretty lost right now, I don't have any more ideas what I can do.

The image has a length of 0x80000 and is loaded to 0x10100000 in the boards RAM.

I have to mention, everything works smootly when I only use signed images.

I hope someone can help me.

Best wishes,

Frieder

Re: imx6 secure boot with encryption

Yuri — Fri, 28 Oct 2016 06:58:24 GMT

Hello,

The following may be helpful :

Encrypted U-boot Example

Encrypted boot loader on SabreSD i.MX6q board

https://boundarydevices.com/high-assurance-boot-hab-dummies/

Please use Appendix A (Interpreting HAB Event Data from Report_Event() API) of the
“HAB4_API.pdf” in the CST package to define the HAB event reason.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Re: imx6 secure boot with encryption

friederbaumgrat — Fri, 28 Oct 2016 07:16:18 GMT

Hello Yuri,

I already saw these examples and read them carefully.

What I forgot to mention earlier,

encrypting the first image after the ROM boot loader works perfectly fine. My only problem is encrypting a second image.

Have a great day,

Frieder

Re: imx6 secure boot with encryption

friederbaumgrat — Mon, 31 Oct 2016 07:26:55 GMT

Hello YuriMuhin_ng,

I worked all of your information through and I still get this HAB event mentioned eralier.

With the help of "HAB4_API.pdf" I identificated the error.

So most likely my error says that I use a "Proprietary AEAD MAC format"...

Can you please explain, what this means?

Thanks in advance and have a grat day,

Frieder

Re: imx6 secure boot with encryption

Yuri — Tue, 01 Nov 2016 04:08:10 GMT

Hello,

Please try using parameter Engine = CAAM in [Header] section of Your .csf file.

Regards,

Yuri.

Re: imx6 secure boot with encryption

friederbaumgrat — Wed, 02 Nov 2016 07:23:32 GMT

Hello,

unfortunately the error still occurs....

The only thing that changed is the engine in the engine field (from 0x00 = ANY to 0x1d =CAAM)

I do have an other question:

Is i possible to encrypt more than one image or is the encryption limited to the first image after the ROM bootloader?

Regards,

Frieder

Re: imx6 secure boot with encryption

Yuri — Thu, 03 Nov 2016 05:10:52 GMT

Hello,

Please create request to get more details about the issue.

https://community.nxp.com/docs/DOC-329745

Regards,

Yuri.

Re: imx6 secure boot with encryption

friederbaumgrat — Wed, 16 Nov 2016 07:54:27 GMT

So for all of those in need, I share my solution to given problem:

First of all I checked the IVT if all the entries are correct.

Then I switched from using the function run_csf to authenticate_image.

Last but not least it is important to know, that (when using encryption) once the image is authentcated it is decrypted. So my error was that I checked the encrypted image bevor saving to NAND flash.

So I always saved an decrypted image to my flash and during boot there was an other function call of authenticate image.

This gave me HAB events, because the image which was loaded from nand flash was already decrypted.

Solution:

bevor testing the transmitted image I copied the image to an other address in RAM and tested the image. When there were no errers detected I copied the original (encrypted) image back to my loadaddress and saved this image.

=> Problem solved.

I hope this helps someone.

Regards Frieder