Hello,
I am having trouble getting HAB authentication to work on the TWR-VF65GS10 and am wondering what I am missing or what I can try to do to get it to work. The compiler I am using is IAR Embedded Workbench.
In my situation, I have 2 tower boards: one in open state that I am using for reference and the other in closed state with the SRK values generated by the cst 2.3.1 package written to the OCOTP_SRK fuses. I can still debug using JTAG on the closed board.
I created a program blink.bin (attached along with linker file sram_iar_a5.icf) that will boot from the SD card and then continuously blink the LEDs on the tower board based on the example in \Freescale\Freescale_MQX_4_2\mqx\examples\bootloader_vybrid. I booted blink.bin from the SD card on the open board and confirmed that it worked but after following the signing steps on blink.bin I cannot get the signed image to boot from the SD card on the closed board.
So far, I have been using AN4581 as a guide.
From there I generated the PKI tree and SRK table.
I programmed the fuses and verified with the debugger (OCOTP_SRK#) that they were actually programmed.
(Do I have the order and endianess correct in the example below?)
eg.
hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin
0x00112233
0x44556677
0x8899AABB
0xCCDDEEFF
0x00112233
0x44556677
0x8899AABB
0xCCDDEEFF
Next, I closed the board by programming Bank 0, Word 6, Byte 0 to 0x02 (verified with OCOTP_CFG5).
Next, I took blink.bin and padded with zeros at the end to align it with 0x1000 size to make blink_padded.bin (attached)
(Am I padding the wrong area?).
Then I ran the following to generate blink_csf.bin (attached) using blink.csf file (attached) and concatenated blink_padded.bin + blink_csf.bin = blink_signed.bin (attached) :
thomas@thomas-VirtualBox:~/cst/cst-2.3.1/blink$ ../linux64/cst --o blink_csf.bin < blink.csf
CSF Processed successfully and signed data available in blink_csf.bin
thomas@thomas-VirtualBox:~/cst/cst-2.3.1/blink$ cat blink_padded.bin blink_csf.bin > blink_signed.bin
Next on Windows I copied the blink_signed.bin image onto the SD card:
C:\Freescale\Freescale_MQX_4_2\tools\ddcopy>ddcopy.exe infile=blink_signed.bin outdevice=u: seek=0x400 obs=512
start copying
done
Then I tried to boot using the SD card on the closed board with the jumpers as shown but blink does not seem to be able to run.
(Do I have some jumper(s) in the wrong place?)
I took the same SD card and booted it on the open board and it was able to run so I think it must have something to do with the HAB.
From AN4581, I understand that iMX6 has a hab_status command that can be enabled in U-Boot to look at the events that were generated. I was able to compile and run U-Boot on the Vybrid tower with the instructions here u-boot on the Vybrid tower board in a few commands and added #define CONFIG_SECURE_BOOT to vf610twr.h but I don't think there is support for the hab_status command for Vybrid on U-Boot? Is there another way to examine the events that are generated to try to figure out what exactly the HAB is dissatisfied with?
Any advice would be appreciated.
Thanks,
Thomas
Original Attachment has been moved to: blink_csf.bin.zip
Original Attachment has been moved to: blink.csf.zip
Original Attachment has been moved to: blink_padded.bin.zip
Original Attachment has been moved to: sram_iar_a5.icf.zip
Original Attachment has been moved to: blink_signed.bin.zip
Original Attachment has been moved to: blink.bin.zip
Hello,
Please create request in order to get detailed example for i.MX6, which hope - helps.
https://community.nxp.com/docs/DOC-329745
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer
button. Thank you!
------------------------------------------------------------------------------
Tried adjusting values so address of CSF is aligned with 0x1000 but closed board still won't boot though.
Padded blink.bin to create blink_padded.bin with file size of 0x20C00 = 0x21000 - 0x400 (ivt starts right at the beginning of file in blink.bin, not at byte 0x400 of file in blink.bin)
Adjusted blink.csf blocks line to:
Blocks = 0x3f040400 0x000 0x20C00 "/home/thomas/cst/cst-2.3.1/blink/blink_padded.bin"
From CST User guide:
List of one or more data blocks. Each
block is specified by four parameters:
source file (must be binary),
starting load address in memory
starting offset within the source file
length (in bytes)
The layout of SD card should be:
-- 0x0
blank
-- 0x400 -- (blink_padded.bin)
ivt, dcd, boot_data
program
padding
-- 0x21000 -- (blink_csf.bin)
csf data
padding
-- 0x22000
The SRAM layout should then be:
-- 0x3f040400
ivt, dcd, boot_data
program
padding
-- 0x3f061000
csf data
padding
-- 0x3f062000
It appears my locked board is preproduction as referenced here https://community.nxp.com/thread/314356. All the OTPMK values were 0 so I burned in random values to the OTPMK fuses.
The closed board still won't boot though.
In vybrid reference manual, it states that there is a csf value inside the ivt which points to the csf. In my binaries, the values are 0. I used a hex editor to modify the ivt (7th uint32_t) in the binary to 0x3f060400 (start of ivt 0x3f040400 + padded binary size 0x20000), the address csf should be at in memory.
Also tried padding the end of the signed file to 0x1000 size.
Changed version value in csf header value from 4.1 to 4.0.
None of the above got it to work though.