Complete steps for AHAB secure boot imx8qm-mek

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Complete steps for AHAB secure boot imx8qm-mek

9,105 Views
stuartrubin
Contributor III

I am looking for the complete set of steps for setting up secure AHAB boot on the imx8qm-mek board.

I can fully create U-Boot, kernel, DTB, and rootfs and boot without security. I have read the guide which is included in U-Boot (mx8-mx8x-secure-boot.txt), this white paper https://community.nxp.com/docs/DOC-343178 , etc., but I cannot seem to get all the steps.

Thank you

Stuart

11 Replies

8,395 Views
stuartrubin
Contributor III

Quang, this is a dumb question, but in U-Boot, did you run the "ahab_status" command? It should explicitly tell you what the SECO events are, or that there were none.

By the way, I did not use the SGK certificates. All of my signatures were with the SRK. (I'm not sure that matters, though.)

0 Kudos
Reply

8,395 Views
stuartrubin
Contributor III

We were both on the same track that only one container was being signed. I did get it fixed. Here are the HIGHLY simplified steps to make a signed boot image for the SD card:

U-Boot Proper:            make SOC=iMX8QM u-boot-atf-container.img  ("third container")
Sign U-Boot Proper:   Sign u-boot-atf-container.img to signed-u-boot-atf-container.img. Rename to u-boot-atf-container.img.
U-Boot SPL:                   make SOC=iMX8QM flash_spl 
Sign U-Boot SPL:          Sign flash.bin to signed-flash.bin
Linux Kernel+DTB:      make SOC=iMX8QM flash_kernel
Sign Kernel+DTB:        Sign flash.bin to os_cntr_signed.bin

It's working now. I have "closed" the SECO and confirmed that I am doing the secure boot. Thank you.

0 Kudos
Reply

8,394 Views
quang_bui
Contributor I

Hi Stuart,

i have a similar problem as you with my board - maybe you can help me out. 

i've built my flash.bin and signed it with my SRK and SGK Certificate. 

In the next step i tried to verify my SECO events - no output on the SCFW terminal which is great.

To recheck the procedure of AHAB i tried the same flash.bin with the same SRK but with ANOTHER SGK which is NOT part of the PKI Tree - still no events on the terminal , but I expected an error message here.

Did you use a SGK for you secure boot? if yes, what exactly did you do?

Best Regards

Quang

0 Kudos
Reply

8,394 Views
utkarsh_gupta
NXP Employee
NXP Employee

Hi Stuart,

As per the SECO error 0x0087EE00, following is the reason:

1. 0x0087EE00 = The container image is not signed (doesn’t contain any signature), but the device is open, so
everything will boot up successfully
SECO Event[0] = 0x0087EE00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_NO_AUTHENTICATION_IND (0xEE)

When I boot the UNSIGNED image, as expected, it does boot, but I have AHAB events:
=>  ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
SECO Event[1] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
sc_seco_get_event: idx: 2, res:3
 
What is interesting here are that there are TWO events (not just one). 
I see that you have built the image with flash_spl command (even though you ran flash once, it overwrites the previous image buiilt)
Two events are because there are 3 containers, 1 - SECO which is signed, 2 - SCFW+SPL not signed and 3 - u-boot + ATF not signed.
Once I again, I program the new image, flash.signed.bin to the SD card with dd. Now, when I boot the signed SD card image, I get ONE AHAB event:
=> ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
sc_seco_get_event: idx: 1, res:3
Here it seems like you have signed one of the two containers and not the other, Could you confirm this step again? 

Regards,

Utkarsh

0 Kudos
Reply

8,394 Views
igorpadykov
NXP Employee
NXP Employee

Hi Stuart

one can refer to AN12312

Secure Boot on i.MX 8 and i.MX 8X Families using AHAB

and uboot documentation

ahab\imx\doc - uboot-imx - i.MX U-Boot 

Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

8,395 Views
stuartrubin
Contributor III

Igor, thank you for your response. I have previously gone through the referenced documentation. Unfortunately, there are some differences between what the guide tells you to expect from the "make SOC=iMX8QM flash" command and what I actually get.

Here is my output:

``stuart@build-server:~/imx8-secure-boot-experimental/imx-mkimage$ make SOC=iMX8QM flash
Compiling mkimage_imx8
Converting iMX8 DCD file
cc -E -Wp,-MD,.imx8qm_dcd.cfg.cfgtmp.d -nostdinc -Iinclude -I./lib -DDDR_TRAIN_IN_DCD=1 -x c -o imx8qm_dcd.cfg.tmp imx8qm_dcd_1.6GHz.cfg
./../mkimage_imx8 -commit > head.hash
758+1 records in
758+1 records out
776360 bytes (776 kB, 758 KiB) copied, 0.00195725 s, 397 MB/s
objcopy: 'hdmitxfw.bin': No such file
cat: hdmitxfw-pad.bin: No such file or directory
./../mkimage_imx8 -soc QM -c -scfw scfw_tcm.bin -c -ap u-boot-atf.bin a53 0x80000000 -out flash.bin
SOC: QM
New Container: 0
SCFW: scfw_tcm.bin
New Container: 1
AP: u-boot-atf.bin core: a53 addr: 0x80000000
Output: flash.bin
Platform: i.MX8QM
scfw size = 163264
AP image size = 0xdd8a8
AP image offset = 0x29000
DONE.
Note: Please copy image to offset: IVT_OFFSET + IMAGE_OFFSET``

And here is what the documentation tells us:

``If the command ends successfully, the end of the result should look
like:

CST: CONTAINER 0 offset: 0x400
CST: CONTAINER 0: Signature Block: offset is at 0x590
DONE.
Note: Please copy image to offset: IVT_OFFSET + IMAGE_OFFSET``

The outputs are different enough that I don't know what to do for the next step (1.5) when setting up the CSF file.

Can you please confirm:

The exact Git repositories w/ tags for both U-Boot and the imx-mkimage utilities?

Thank you

0 Kudos
Reply

8,395 Views
igorpadykov
NXP Employee
NXP Employee

Hi Stuart

source.codeaurora.org/external/imx is official nxp  repository

Code Aurora git repositories 

nxp linux  documentation
i.MX Software and Development Tools | NXP 

Best regards
igor

0 Kudos
Reply

8,395 Views
stuartrubin
Contributor III
Igor, I have made some progress. (I was pulling the source code from the wrong repositories and/or tags.) I am getting close, but there are still some problems with the code signing.
Building and running U-Boot "normally" (i.e. no secure boot) works fine. I think the problem is with how I'm using the mkimage tool.
After compiling, I build an SD card image with:
$ cd  <working>/imx-mkimage
 
 # Copy U-Boot binary into target folder
$ cp  -v   ../uboot-imx/u-boot.bin ./iMX8QM/  
 # Copy Firmware, AHAB Container into target folder
$ cp   -v  ~/imx-yocto-bsp/build-xwayland/tmp/work/imx8qmmek-poky-linux/imx-boot/0.2-r0/git/iMX8QM/scfw_tcm.bin ./iMX8QM/
$ cp   -v  ~/imx-yocto-bsp/build-xwayland/tmp/work/imx8qmmek-poky-linux/imx-boot/0.2-r0/git/iMX8QM/bl31.bin  ./iMX8QM/
$ cp   -v  ~/imx-yocto-bsp/build-xwayland/tmp/work/imx8qmmek-poky-linux/imx-boot/0.2-r0/git/iMX8QM/mx8qm-ahab-container.img  ./iMX8QM/
 # Build the SD Card Boot Binary
$ make SOC=iMX8QM flash 
$ cp  -v  ~/imx-yocto-bsp/build-xwayland/tmp/work/imx8qmmek-poky-linux/imx-boot/0.2-r0/git/iMX8QM/tee.bin   ./iMX8QM/
$ cp   -v  <working>/uboot-imx/spl/u-boot-spl.bin   ./iMX8QM/
 # Make SD Card Boot SPL Container
$ make SOC=iMX8QM flash_spl  
The resulting flash.bin file can be programmed with the "dd" command onto an SD card and it boots correctly.
Separately, I have generated the keys with the ahab_pki_tree.sh script and programmed the fuses. I did NOT close the AHAB lifecycle.
# ahab_close  <--- Did NOT YET run this command.
 
When I boot the UNSIGNED image, as expected, it does boot, but I have AHAB events:
=>  ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
SECO Event[1] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
sc_seco_get_event: idx: 2, res:3
 
What is interesting here are that there are TWO events (not just one). 
 
Next, I edit the "csf_boot_image" configuration file so that it points to my own SRK table, cert, and flash.bin, then run the command to make the signed boot image:
$ ../../nxp_code_signing_tool/release/linux64/bin/cst -i my_csf_boot_image.txt -o flash.signed.bin
CSF Processed successfully and signed image available in flash.signed.bin
Once I again, I program the new image, flash.signed.bin to the SD card with dd. Now, when I boot the signed SD card image, I get ONE AHAB event:
=> ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087EE00
        CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
        IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
sc_seco_get_event: idx: 1, res:3
 
The way I read this is:
I actually have two containers in my boot image. One of them is properly signed, the other is unsigned (as opposed to incorrectly signed, as indicated by the error 0xEE).
My guess is that that the boot image is actually broken into two parts, the SPL and U-Boot proper. 
So, perhaps there are two ways to fix this:
  1. Build U-Boot without an SPL; just have one binary which is the effectively the SPL and U-Boot application. I tried this even without signatures and could not get it run.
  2. Sign both SPL and U-Boot binaries individually. I'm not sure how to do this.
Or maybe I'm just doing something wrong.
Thank you very much for your help!
0 Kudos
Reply

7,991 Views
Terry3
Contributor II

@stuartrubinI guess you figured it out?

I am trying to do pretty much the same thing but with ahab.

I have followed the steps:

1 - Sign the u-boot-atf-container.img (0x0 / 0x110)
2 - Sign the flash.bin (0x400, 0x510) with the signed-u-boot-atf-container.img (renamed u-boot-atf-container.img)
3 - Flash on device

The ahab_status show two events, one is AHAB_BAD_KEY_HASH_IND (expected because the efuse are not done yet), the other one is AHAB_NO_AUTHENTICATION_IND which should be AHAB_BAD_KEY_HASH_IND shouldnt it ?

I get the following ahab_status:

```

Lifecycle: 0x0020, NXP closed

SECO Event[0] = 0x0087FA00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_KEY_HASH_IND (0xFA)

SECO Event[1] = 0x0087EE00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_NO_AUTHENTICATION_IND (0xEE)

sc_seco_get_event: idx: 2
```

Thanks for your help

EDIT: I figured it out, I needed to dd the signed-u-boot-atf-container at the end of the signed flash bin

0 Kudos
Reply

7,487 Views
Gandalf-kern
Contributor IV

how did the u-boot-atf-container.img get built and how did you sign it?

1 - Sign the u-boot-atf-container.img (0x0 / 0x110)

 

0 Kudos
Reply

7,345 Views
Terry3
Contributor II

Hi @Gandalf-kern 

The u-boot-atf-container.img gets built in the imx-mkimage/imx-boot_... recipes.

To be able to use it, you need to append to the recipe to move it from the BOOT_STAGING directory to the DEPLOYDIR (or whatever other destination you like). You also going to need the boot-spl-container.img.

Once you have built and got these two files, you should be able to follow through the steps to sign them manually.

Hope this helps