Doubt regarding ahab secure boot

Gorka_3
Contributor II

Hello,

I have just taken a look at this presentation:

IoT Security: Unveiling the Power of Secure Boot, Chain of Trust and IP Protection on IoT on i.MX 9 ...

Regarding the secure boot at loading the secure bootloader this info is provided:

Gorka_3_0-1715158413763.png

 

The corresponding previously created public key's fuse values are generated and flashed onto the OTP fuses.

Gorka_3_1-1715158477358.png

Here a signed image is loaded and validated without ELE events.

Gorka_3_2-1715158505953.png

At last, after having tested a signed image, it closes ahab.

 

I don't understand exactly what ahab_close does.

Let's say that we have the fuses already burned (regarding the SRK table) and now we load a signed bootloader with CONFIG_AHAB_BOOT=y in U-Boot. If ahab_close is not done, does it mean that the bootloader is verified anyway, but even if it does not match the signature it boots anyway? And after closing ahab, does it mean that this time only properly signed images are booted?

Best regards,

Gorka.

Harvey021
NXP TechSupport

Hi,

That is correct.

 

Regards

Harvey

Gorka_3
Contributor II

Hi,

Thank you for your reply. I have already built a signed-flash.bin following this guide:

uboot-imx/doc/imx/ahab/guides/mx8ulp_9x_secure_boot.txt at lf-6.1.22-2.0.0 · nxp-imx/uboot-imx · Git...

I have flashed the bootloader to an SD card and booted from it. No fuses have been flashed yet, so they are as if the SRK table is all zeroes. The ahab_status I get is as follows:

 

Gorka_3_0-1715240993926.png

I have two questions. I see two ELE events (two containers have been verified). The first one must be the global container (SPL, DDR bin, AHAB container and U-Boot+ATF+TEE container). It throws a bad key hash (since I haven't flashed the fuses yet, that's fine). But the second event indicates that the failure type is no authentication. Does this mean that this second container hasn't been signed (I am sure I have done it as suggested in the guide)? And why are there not three events, as there are three containers?

Harvey021
NXP TechSupport

Yes, the event tells that it is not signed.

A container can contain one or more images, which will also record events if there is a verification error.

 

Regards

Harvey

 

Gorka_3
Contributor II

You are right, it was not signed. Seems like there was an error in my script; now both containers throw the same bad hash error.

Gorka_3_0-1715322260217.png

Anyway, I would like to test if the generated image would match the hash with the correct SRK table. Isn't there any script to verify this signature check? As the fuses cannot be overridden in imx9, I don't see any other option than trusting that the signature is correctly done and that it will boot correctly.

Harvey021
NXP TechSupport

There is no such script for imx93, but you can give it a try with the openssl command. By the way, the SRK fuses have to be burned in case of close.

 

Regards

Harvey
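
Added example, not from the thread or from NXP: a host-side check that pulls the SRK table out of each container in a signed flash.bin and compares its hash with the fuse file before anything is burned, which is the condition the "bad key hash" event in this thread concerns. The header tags, field offsets, 1 KiB alignment, SHA-256 digest and raw-digest fuse file are assumptions based on U-Boot's AHAB container structures and must be checked against your BSP; the container signature itself is not verified here.

```python
import hashlib
import struct

# Assumed layout (not stated in the thread): tags, offsets and alignment below.
CONTAINER_TAG, SIGBLK_TAG, SRK_TABLE_TAG = 0x87, 0x90, 0xD7
ALIGN = 0x400  # assumed: container headers sit on 1 KiB boundaries


def _hdr(buf, off):
    """Return (version, length, tag) of the 4-byte header at off."""
    return struct.unpack_from("<BHB", buf, off)


def srk_tables(image):
    """Yield (container_offset, srk_table_bytes) for each container with an SRK table."""
    for off in range(0, len(image) - 15, ALIGN):
        _, clen, tag = _hdr(image, off)
        if tag != CONTAINER_TAG or off + clen > len(image):
            continue
        sig_off = struct.unpack_from("<H", image, off + 12)[0]
        sig = off + sig_off
        if sig_off == 0 or sig + 16 > len(image) or _hdr(image, sig)[2] != SIGBLK_TAG:
            continue
        srk_off = struct.unpack_from("<H", image, sig + 4)[0]
        srk = sig + srk_off
        if srk_off == 0 or srk + 4 > len(image):
            continue  # signature block without an SRK table: container is unsigned
        _, slen, stag = _hdr(image, srk)
        if stag == SRK_TABLE_TAG and srk + slen <= len(image):
            yield off, image[srk:srk + slen]


def fuse_words(digest):
    """Digest as little-endian 32-bit words, as `od -t x4` shows them on an LE host."""
    return ["%08x" % w for (w,) in struct.iter_unpack("<I", digest)]


def check_image(image, fuse_blob, algo="sha256"):
    """Map container offset -> True if hash(SRK table) equals the fuse file bytes."""
    return {off: hashlib.new(algo, table).digest() == fuse_blob
            for off, table in srk_tables(image)}


def demo_image(table):
    """Constructed sample: one container at offset 0; empty table means unsigned."""
    sig = struct.pack("<BHBHHHHI", 0, 16 + len(table), SIGBLK_TAG,
                      16 if table else 0, 0, 0, 0, 0) + table
    hdr = struct.pack("<BHBIHBBHH", 0, 16 + len(sig), CONTAINER_TAG, 0, 0, 0, 0, 16, 0)
    return (hdr + sig).ljust(2 * ALIGN, b"\0")
```

An empty result means no container carried an SRK table; a `False` entry means the table in that container is not the one the fuse values were derived from.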
