Hello,
I have just taken a look at this presentation:
Regarding the secure boot at loading the secure bootloader this info is provided:
The corresponding previously created public key's fuse values are generated and flashed onto the OTP fuses.
Here a signed image is loaded and validated without ELE events.
At last, after having tested a signed image, it closes ahab.
I don't understand exactly what ahab_close does.
Let's say that we have the fuses already burned (regarding the SRK table) and now we load a signed bootloader with CONFIG_AHAB_BOOT=y in U-Boot. If ahab_close is not done, does it mean that the bootloader is verified anyway, but even if it does not match the signature it boots anyway? And after closing AHAB, does it mean that this time only properly signed images are booted?
Best regards,
Gorka.
Hi,
That is correct.
Regards
Harvey
Hi,
Thank you for your reply. I have already built a signed-flash.bin following this guide:
I have flashed the bootloader to an SD card and booted from it. No fuses have been flashed yet, so they are as if the SRK table is all zeroes. The ahab_status I get is as follows:
I have two questions. I see two ELE events (two containers have been verified). The first one must be the global container (SPL, DDR bin, AHAB container and U-Boot+ATF+TEE container). It throws a bad key hash (since I haven't flashed the fuses yet, it's fine). But the second event indicates that the failure type is no authentication. Does this mean that this second container hasn't been signed (I am sure I have done it as suggested in the guide)? And why are there not three events, as there are three containers?
Yes, the event tells that it is not signed.
A container can contain one or more images, which will also record events if there is a verification error.
Regards
Harvey
You are right, it was not signed. Seems like there was an error in my script; now both containers throw the same bad hash error.
Anyway, I would like to test if the generated image would match the hash with the correct SRK table. Isn't there any script to verify this signature check? As fuses cannot be overridden in i.MX9, I don't see any other option than trusting that the signature is correctly done and that it will boot correctly.
There is no such script for i.MX93, but you can try with the openssl command. By the way, the SRK fuses have to be burned in case of close.
Regards
Harvey
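
One check that can be done off-target before burning anything, as an added example that is not from the thread or from NXP: compare the fuse words you plan to program (or have read back) against the SRK table used for signing. It assumes the fuse value is the SHA-256 digest of the SRK table file, read as eight little-endian 32-bit words; confirm that against your signing tool's documentation for your part. The function names and the sample table bytes are constructed for illustration.

```python
import hashlib
import struct


def srk_fuse_words(srk_table: bytes) -> list[int]:
    """SRK table digest as eight 32-bit words (assumption: SHA-256, little-endian)."""
    return list(struct.unpack("<8I", hashlib.sha256(srk_table).digest()))


def compare_fuses(srk_table: bytes, fuse_words: list[int]) -> str:
    """Classify fuse words (planned, or read back from the board) against the table."""
    if len(fuse_words) != 8:
        return "wrong-length"
    expected = srk_fuse_words(srk_table)
    if fuse_words == expected:
        return "match"
    if all(w == 0 for w in fuse_words):
        # Nothing burned yet: an open part logs a key-hash event but still boots.
        return "unprogrammed"
    # Common preparation mistake: digest bytes read as big-endian words.
    swapped = [struct.unpack("<I", struct.pack(">I", w))[0] for w in expected]
    if fuse_words == swapped:
        return "byte-swapped"
    if fuse_words == expected[::-1]:
        return "word-order-reversed"
    return "mismatch"


# Constructed sample bytes standing in for the SRK table file used when signing.
SAMPLE_TABLE = bytes(range(256)) * 2

if __name__ == "__main__":
    words = srk_fuse_words(SAMPLE_TABLE)
    for index, word in enumerate(words):
        print(f"word {index}: 0x{word:08X}")
    print(compare_fuses(SAMPLE_TABLE, words))
    print(compare_fuses(SAMPLE_TABLE, [0] * 8))
```

This only checks the key hash against the table; it does not validate the container signature itself.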