fail to generate signed boot image from my own bootloader

goodboy2024 · ‎12-19-2024

Hello,

Our product board use imxrt1061. There are two parts in our firmware running on RT1061, bootloader and app.The firmware is saved on extern QSPI Nor flash.We want to use HAB to secure the bootloader.But I cannot generate signed binary file from bootloader.elf using elftosb.Attached zip file is the bootloader.efl and bd file.The bd file is the same as the one in fold Flashloader_RT106x_1.0_GA\Tools\bd_file\imx10xx.The command execution is as below:

c:\work\project\LYG\secure_boot\Flashloader_RT106x_1.0_GA\Tools\elftosb\win>elftosb -f imx -V -d -c imx-flexspinor-normal-signed.bd -o bootloader_signed.bin bootloader.elf
positional args:
0: bootloader.elf
source elfFile => extern(0=bootloader.elf)
Section: 0x14
Section: 0x15
Section: 0x16
Section: 0x18
Section: 0x19
Section: 0x1a
Section: 0x1f
Section: 0x21
filtering sections of file: bootloader.elf
creating segment for section RW_m_config_text
creating segment for section RW_m_ivt_text
creating segment for section VECTOR_ROM
creating segment for section ER_m_text
creating segment for section RW_m_data1

Could you help me figure out what I might be doing wrong ?

Sam_Gao · ‎12-20-2024

Hi @goodboy2024

Please give more details with error log, I am not sure which version are you using, how to reproduce it. I checked from my side, it seems works well.

FYI: https://www.nxp.com/docs/en/user-guide/MBOOTELFTOSBUG.pdf

$ elftosb.exe -v

elftosb 4.0.0
Copyright (c) 2004-2015 Freescale Semiconductor, Inc.
Copyright 2016-2018 NXP
All rights reserved.

$ elftosb.exe -f imx -V -d -c imx-flexspinor-normal-signed.bd -o bootloader_signed.bin bootloader.elf

positional args:
0: bootloader.elf
source elfFile => extern(0=bootloader.elf)
Section: 0x14
Section: 0x15
Section: 0x16
Section: 0x18
Section: 0x19
Section: 0x1a
Section: 0x1f
Section: 0x21
filtering sections of file: bootloader.elf
creating segment for section RW_m_config_text
creating segment for section RW_m_ivt_text
creating segment for section VECTOR_ROM
creating segment for section ER_m_text
creating segment for section RW_m_data1

goodboy2024 · ‎12-22-2024

Hi Sam,

Thanks for your reply.In my environment,elftosb can work but no effective output.The size of bootloader_signed.bin is 0.My elftosb version is also 4.0.0.

Can you check your output in your side?

goodboy2024 · ‎12-25-2024

Hi Sam,

The signed image is generated with a GUI tool.Attached has four image files:

BOOTLOADER.axf/BOOTLOADER.bin: generated by our ARM MDK project

ivt_BOOTLOADER_signed.bin/ ivt_BOOTLOADER_signed_nopadding.bin：generated by NXP-MCUBootUtility-6.3.0

I program BOOTLOADER.bin to our product board with JLINK,the board can setup .

ivt_BOOTLOADER_signed.bin or ivt_BOOTLOADER_signed_nopadding.bin is programed the same way,the board cannot setup.

Is there anything wrong with the signed image? Could you help me figure out?

Sam_Gao · ‎01-13-2025

Would you please help give more details step by step? how about the trace log when issue happened?

Here is a chinese guide https://www.cnblogs.com/henjay724/p/10189593.html , please note it depends hab cst tools.

Sam_Gao · ‎12-24-2024

Hi @goodboy2024

Would you please give me some background about this issue and which documentaion are you using in details so that I can support more efficient.

1. Normal Boottable Image: elftosb -f imx -V -c xxx.bd -o xx_signed.bin xxx.elf

2. Generate SB file for FlexSPI NOR Image encryption

3. Generate SB file for FlexSPI NAND image programming

4. ....

For this issue, it may cause by some incorrect keys(keys/SRK_1_2_3_4_table.bin) which can be found in xxx.bd files.

More details, please refer to this post: https://community.nxp.com/t5/i-MX-RT-Crossover-MCUs/elftosb-command-file/m-p/844844

fail to generate signed boot image from my own bootloader

fail to generate signed boot image from my own bootloader

Boot ROM|Booting | Flash

Security(Edgelock | secure boot | OTP)