2354036_en-US

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2354036_en-US

2354036_en-US

i.MX6Q hang during SHA-256 file hashing after migration to Linux 6.6 + Mbed TLS 3.3.0

Hello,

I am migrating a Honeywell ACM system on i.MX6Q (PCIMX6Q5EVT10AA) from Linux Kernel 4.14 + Mbed TLS 2.1.0 to Linux Kernel 6.6 + Mbed TLS 3.3.0.

Reason for migration:
Under Mbed TLS 2.1.0, we observed a hang in mbedtls_x509_crt_verify() during certificate chain verification.
Upgrading to Mbed TLS 3.3.0 resolved that certificate verification hang.

Current issue:
During boot, the system now hangs while validating a 19 MB image file with SHA-256.
mbedtls_sha256_file is removed/deprecated in newer Mbed TLS, so we replaced it with streaming calls.
The board hangs while processing the file loop (during/around mbedtls_sha256_update).

Environment:

  1. Hardware: i.MX6 Quad (PCIMX6Q5EVT10AA)
  2. OS: Linux Kernel 6.6
  3. Crypto library: Mbed TLS 3.3.0
  4. PSA_CRYPTO_C: Disabled
  5. Previous working setup for file validation: Linux Kernel 4.14 + Mbed TLS 2.1.0

Observed behavior:

  1. Board hangs completely during early boot. 
  2. After the system hangs, watchdog resets the board automatically.
  3.  
  4. No login prompt after hang.
  5. No dmesg available at that stage.
  6. Same 19 MB file validated successfully on the old stack.

    Code:

    int mbedtls_sha256_file(const char *path, unsigned char output[32], int is224)
    {
    FILE *f = NULL;
    size_t n;
    int ret = 0;
    mbedtls_sha256_context ctx;
    unsigned char buf[4096];

    f = fopen(path, "rb");
    if (f == NULL) return F1IMG_ERR_FILE_IO;

    mbedtls_sha256_init(&ctx);
    ret = mbedtls_sha256_starts(&ctx, is224);
    if (ret != 0) goto cleanup;

    while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
    ret = mbedtls_sha256_update(&ctx, buf, n);
    if (ret != 0) goto cleanup;
    }

    if (ferror(f) != 0) {
    ret = F1IMG_ERR_FILE_IO;
    goto cleanup;
    }

    ret = mbedtls_sha256_finish(&ctx, output);

    cleanup:
    mbedtls_sha256_free(&ctx);
    if (f != NULL) fclose(f);
    return ret;
    }


    Thanks in advance.

Re: i.MX6Q hang during SHA-256 file hashing after migration to Linux 6.6 + Mbed TLS 3.3.0

Hello,

Please note that we do not support Mbed TLS on i.MX MPUs as this is mostly used on the i.MX RT instead, even so I did a little research on the issue you are seeing.

It may be possible that you're seeing a CPU hard lock (infinite loop / unaligned access / undefined instruction) triggered by Mbed TLS 3.x optimizations.

For this I would recommend to disable all assembly and hardware acceleration in Mbed TLS
Rebuild Mbed TLS 3.3.0 with these options:

/* Disable all ARM-specific optimizations */
#undef MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
#undef MBEDTLS_SHA256_USE_ARMV7_A
#undef MBEDTLS_SHA256_USE_NEON
 
/* Force pure C implementation */
#define MBEDTLS_NO_ASM


This forces portable C SHA‑256 and matches behavior close to Mbed TLS 2.1.0, so it may be worth giving a try.

Best regards/Saludos,
Aldo.

Tags (1)
No ratings
Version history
Last update:
‎05-02-2026 02:31 AM
Updated by: