Calling HAB ROM API from EBOOT (VA mode)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Calling HAB ROM API from EBOOT (VA mode)

1,499 Views
AlexeyT
Contributor III

Hello All,

I am trying to implement secure bootloader functionality in WindowsEC7 which supposed to use security features of iMX6 chip.

Before I start any attempt to sign my eboot with securuty key and enable 'closed device mode' in OCOTP I'd like to check that my image has signed and verified correctly.

To do that I need to call HAB ROM API to check whether any error detected by HAB durung bootstrapping or not.

I'v got UBOOT which uses this functionality but there is an issue using this approach in EBOOT.

As far as I understand UBOOT uses physical addresses but EBOOT starts MMU and operates using virtual...

My question is how to call HAB in such a condition.

Ok, I can read HAB ROM area using uncached VA and data I am reading are completely sane.

Then I need to call HAB ROM API providing RAM addresses for it (see example below).

Which address type should I use for such parameters: physical or virtual?

UBOOT is compiled by gcc, EBOOT (obviously) is compiled using MS compiler.

I am assuming that HAB ROM API uses gcc style function parameter access...

Are MS and GCC compatible in term of function parameter transfer or I need to process them manually?

API Example:

typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, enum hab_state *);

Thanks,

Alexey

Labels (1)
Tags (3)
0 Kudos
Reply
4 Replies

1,117 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Basically the boot ROM can use MMU during HAB authentication.

Please take a look at section 8.4.4 (Enabling MMU and Caches)

of the i.MX6 D/Q Reference Manual. In such case using Eboot with

its own MMU initialization may provide unpredictable results.

  Perhaps it would be easier to use (signed) Uboot to load (signed)
WinCE image.

  As for API - ARM ABI is used.


ARM Information Center 

Overview of ARM ABI Conventions


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

1,117 Views
mklug_xx
Contributor I

How long would the check of the WinCE image take? Are there any data available on the image check times for big images (say 5MB-10MB, and even more)?

0 Kudos
Reply

1,117 Views
Yuri
NXP Employee
NXP Employee

Hello,

If image < 1MB: HAB time ~ 25 ms.

If image > 1MB: HAB time depends on image size, and we do not have
measurements here.
Note, bottlenecks are different for both cases, therefore it is not possible to

estimate timings for big size images.

Regards,

Yuri.

0 Kudos
Reply

1,117 Views
AlexeyT
Contributor III

Hi Yuri,

Unfortunately we have so many things in eboot code which interact with WinEC kernel so we can't just dump eboot and exchange it with uboot...

I don't have any issue to call HAB from PA addressing mode, I can do it from eboot before MMU is initialized (PA mode) and keep results in IRAM for later analysis.

Unfortunatey it did not work either.

For unknown (yet) reason my call to HAB never returns so I started thinking I am obviously doing something wrong.

It would be great if you can give me any clue on it.

I tried caling it from PA mode using exact same techiques as UBOOT use but it hangs during call.

Do I need to use asm instead of C code to successfully call it from EBOOT?

Thanks.

0 Kudos
Reply