Hi,
I am enabling secure boot on the iMX8XQ platform.
My platform boots from an SD card.
It can boot up with the secure U-Boot, but booting fails with the secure OS.
Below is the boot log:
=====>
mmc1 is current device
** Unable to read file boot.scr **
** Unable to read file os_cntr_signed.bin **
Booting from net ...
ethernet@5b040000 Waiting for PHY auto negotiation to complete.........TIMEOUT !
Could not initialize PHY ethernet@5b040000
BOOTP broadcast 1
BOOTP broadcast 2
BOOTP broadcast 3
BOOTP broadcast 4
BOOTP broadcast 5
BOOTP broadcast 6
BOOTP broadcast 7
BOOTP broadcast 8
BOOTP broadcast 9
BOOTP broadcast 10
BOOTP broadcast 11
BOOTP broadcast 12
BOOTP broadcast 13
BOOTP broadcast 14
BOOTP broadcast 15
BOOTP broadcast 16
BOOTP broadcast 17
Retry time exceeded; starting again
Authenticate OS container at 0x88000000
Wrong container header
ERR: failed to authenticate
<====
From the boot log, the system can't find the signed OS file.
I used the command below to copy the OS container to the system.
$ sudo cp os_cntr_signed.bin /media/root/Boot/imx8qx
The command to copy the OS container to the system in mx8_mx8x_secure_boot.txt is:
$ sudo cp os_cntr_signed.bin /media/UserID/Boot\ imx8qx
What is wrong with my command?
Best Regards,
Owen Chiu
Hi Bio_TICFSL ,
Thanks for your reply.
I connected Ethernet and retested.
The system still can't read os_cntr_signed.bin.
The new test log is below.
I did copy os_cntr_signed.bin before U-Boot. I copied os_cntr_signed.bin to the SD card with the "sudo cp os_cntr_signed.bin /media/root/Boot/imx8qx" command on the PC. Then I used this SD card as the boot device to boot my target board.
If the location of os_cntr_signed.bin is correct, the system should read os_cntr_signed.bin without a problem. That's not the case.
I am not sure whether the path in "sudo cp os_cntr_signed.bin /media/UserID/Boot\ imx8qx" in mx8_mx8x_secure_boot.txt is correct or not. If the boot device is an SD card, the UserID is root and the platform is imx8qx, what do you think the exact path is?
New test log:
===>
U-Boot 2018.03-g0d267d5-dirty (Nov 01 2019 - 11:56:27 +0800)
CPU: Freescale i.MX8QXP revB A35 at 1200 MHz at 31C
Model: DFI.Inc i.MX8QXP F8700
Board: iMX8QXP MEK
Boot: SD1
DRAM: 4 GiB
setup_typec lookup gpio@1a_7 failed ret = -22
MMC: FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from MMC... *** Warning - bad CRC, using default environment
Failed (-5)
TX PLL is not locked.
[board_video_skip] 17
[enable_lvds] 632
lvds2hdmi_setup: Can't find device id=0x4c, on bus 13
Display: M101NWWB_R3 (1280x800)
In: serial
Out: serial
Err: serial
BuildInfo:
- SCFW f0226b37, SECO-FW 9d71fd5b, IMX-MKIMAGE 2cf091c0, ATF d6451cc
- U-Boot 2018.03-g0d267d5-dirty
switch to partitions #0, OK
mmc1 is current device
flash target is MMC:1
Net:
Warning: ethernet@5b040000 (eth0) using random MAC address - 8a:de:be:a1:a3:0f
eth0: ethernet@5b040000 [PRIME]
Warning: ethernet@5b050000 (eth1) using random MAC address - 06:d2:93:d7:1b:64
, eth1: ethernet@5b050000
Fastboot: Normal
Normal Boot
Hit any key to stop autoboot: 3 2 1 0
switch to partitions #0, OK
mmc1 is current device
** Unable to read file boot.scr **
** Unable to read file os_cntr_signed.bin **
Booting from net ...
BOOTP broadcast 1
DHCP client bound to address 172.18.8.45 (18 ms)
Using ethernet@5b040000 device
TFTP from server 172.18.0.32; our IP address is 172.18.8.45
Filename 'SMSBoot\x64\wdsnbp.com'.
Load address: 0x88000000
Loading: * ## Warning: gatewayip needed but not set
###
2.7 MiB/s
done
Bytes transferred = 30832 (7870 hex)
Authenticate OS container at 0x88000000
Wrong container header
ERR: failed to authenticate
<=====
Best Regards,
Owen Chiu
Hello Owen,
In the boot mode you can find that the commands used for sending the kernel, device tree and rootfs here are missing. This is because you don't have the Ethernet configured or you have not connected to Ethernet; as well, you must copy os_cntr_signed.bin before U-Boot.
Regards
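
Both logs above end in "Wrong container header" for whatever bytes ended up at 0x88000000 (in the second log, the file fetched over TFTP rather than os_cntr_signed.bin). The following host-side check is an added example, not code from this thread or from NXP; it assumes the AHAB container header starts with a version byte 0x00, a 16-bit little-endian length and a tag byte 0x87, and all function names and sample bytes are constructed for illustration.

```python
import struct
import sys

CONTAINER_TAG = 0x87      # assumption: AHAB container tag byte
CONTAINER_VERSION = 0x00  # assumption: AHAB container version byte
HEADER_FMT = "<BHBIHBBH"  # version, length, tag, flags, sw_version,
                          # fuse_version, num_images, sig_blk_offset
HEADER_SIZE = 16          # 14 bytes of fields above + 2 reserved


def parse_container_header(blob):
    """Return the header fields as a dict, or None if blob is not a container."""
    if len(blob) < HEADER_SIZE:
        return None
    (version, length, tag, flags, sw_version,
     fuse_version, num_images, sig_blk_offset) = struct.unpack_from(HEADER_FMT, blob)
    if tag != CONTAINER_TAG or version != CONTAINER_VERSION:
        return None
    if length < HEADER_SIZE or length > len(blob):
        return None  # declared length cannot fit in what was loaded
    return {"length": length, "flags": flags, "sw_version": sw_version,
            "fuse_version": fuse_version, "num_images": num_images,
            "sig_blk_offset": sig_blk_offset}


def verdict(blob):
    """One-line result for the bytes that would sit at the load address."""
    hdr = parse_container_header(blob)
    if hdr is None:
        return "not a container: first bytes %s" % blob[:4].hex()
    return "container: %d image(s), header length 0x%x" % (
        hdr["num_images"], hdr["length"])


# Constructed samples (not taken from the thread's files).
SAMPLE_CONTAINER = struct.pack(
    HEADER_FMT, 0x00, 0x0220, 0x87, 0, 0, 0, 2, 0x0110).ljust(0x400, b"\0")
SAMPLE_OTHER = b"\xeb\x3c\x90NOTACNTR".ljust(0x400, b"\0")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], "->", verdict(f.read()))
    else:
        print(verdict(SAMPLE_CONTAINER))
        print(verdict(SAMPLE_OTHER))
```

Run against the copy of os_cntr_signed.bin on the SD card's boot partition, it shows whether the file U-Boot is meant to load is present and begins with a container header before the board is booted.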