- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- Neural Processing UnitsNeural Processing Units
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
- Neural Processing Units
-
- NXP Tech Blogs
- Home
- :
- Translated Content
- :
- Multi Source Translation Content
- :
- 2374277_en-US
2374277_en-US
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
2374277_en-US
2374277_en-US
Hello
I am experiencing an issue when trying to use HABv4 on an i.Mx8mm processor. To be precise hab_rvt_authenticate_image hangs when being called over the "Secure Monitor Call Calling Conventions" (smccc) in U-Boot proper. It hangs when trying to authenticate my Bootscript (boot.scr). In SPL the direct call (from elevation level 3) to the ROM function works correctly.
I have blown the SRK_Hash Fuses, but the rest of the System is still in an open configuration.
What is interesting is the fact, that when I take an Image built from our Github Pipeline, where a different set of keys is used, the System is able to boot, generating the expected HAB Events as the SRK Hashes obviously don't match.
Comparing the working and non working boot scripts shows no difference in the IVT and CST headers.
Using csf_parse from the CST also produces the same results from both files.
I have verified the adresses and arguments passed to the authenticate function.
The bootcontainer is located inside the eMMC while the Rest of the Image (Bootscript, Kernel, Rootfs) is on the sd card.
Booting an unsigned image without IVT and csf header works, as it will not call the authenticate function at all.
Board: Toradex Verdin imx8mm
Uboot Version: 2024.07
Images were signed using CST 3.4.0
Do you have any idea as to why the authenticate call never returns when using one set of keys (the one matching to the SRK_HASHes in the fuses) while using the wrong one?
Thanks a lot for your help
1. Can you share your csf file, genIVT.sh file and signed bootscript? and running commands to sign bootscript?
2. Did you read SNVS status in u-boot command line? Please share log before and after authenticate signed bootscript.
u-boot => md.l 0x30370000 0x40
Hello
Thanks for your response
1. I have put together the script parts used to sign the bootscript as an attachment. Please note that we use a custom build system that also does other stuff. This is where some of the ENV variables are coming from, which is not directly visible in the snippets.
I have also attched the signed boot script (boot.scr) as well as the boot.cmd. They are in the boot.zip folder.
2. Here is the output from your command before running the auth. Unfortunately i can't get it after, because the system hangs and will eventually be reset by the watchdog.
Verdin iMX8MM # md.l 0x30370000 0x40
30370000: 00000000 80002100 00000000 00000000 .....!..........
30370010: 00000000 80009b00 00002000 00000000 ......... ......
30370020: 00000000 00000000 00000000 00000000 ................
30370030: 00000000 00000000 00000020 00000000 ........ .......
30370040: 00000000 00000000 00000000 40000000 ...............@
30370050: 00000000 00000000 00000000 00000000 ................
30370060: 00000000 41736166 00000000 00000000 ....fasA........
30370070: 00000000 00000000 00000000 00000000 ................
30370080: 00000000 00000000 00000000 00000000 ................
30370090: 00000000 00000000 00000000 00000000 ................
303700a0: 00000000 00000000 00000000 00000000 ................
303700b0: 00000000 00000000 00000000 00000000 ................
303700c0: 00000000 00000000 00000000 00000000 ................
303700d0: 00000000 00000000 00000000 00000000 ................
303700e0: 00000000 00000000 00000000 00000000 ................
303700f0: 00000000 00000000 00000000 00000000 ................
The file U-Boot-Output.txt contains the output of uboot. Note that I have added in some additional debug print statements.
Let me know if you have any questions regarding the content of the files