Hi,
I've been trying to run an encrypted signed uboot. However, when I have to get the dek_blob.bin, I am unable to run the command. I am already able to successfully execute a signed u-boot with no HAB events.
To enable the dek_blob command I added the following defines to the code.
#define CONFIG_SECURE_BOOT
#define CONFIG_SYS_FSL_SEC_COMPAT 4 /* HAB version */
#define CONFIG_FSL_CAAM
#define CONFIG_CMD_DEKBLOB
#define CONFIG_SYS_FSL_SEC_LE
#define CONFIG_FAT_WRITE
When getting the dek_blob.bin, I get the following error.
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
=> fatload mmc 1:2 0x10800000 dek.bin
reading dek.bin
16 bytes read in 9 ms (1000 Bytes/s)
=> dek_blob 0x80800000 0x80801000 128
data abort
pc : [<bff5682c>] lr : [<00000008>]
reloc pc : [<8780382c>] lr : [<c78ad008>]
sp : bef50d58 ip : bef515b4 fp : bff567d8
r10: 00000004 r9 : bef50eb8 r8 : bffa4b1c
r7 : bef9fc70 r6 : 80801000 r5 : 80800000 r4 : bef9fc70
r3 : 02142000 r2 : 0000000a r1 : 00000000 r0 : 00000080
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
Furthermore, I know that CAAM is no longer supported by the i.MX6ULL. So I know that something is wrong.
What do I have to configure? I already have the NDA documents, please let me know what changes I have to make in my code or on the i.MX6ULL.
Thank you for the help!!
Hello,
Please try to remove #define CONFIG_FSL_CAAM option and rebuild U-boot.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer
button. Thank you!
Hey Yuri,
When I look deeper into the codes, I see that the DEK is hard coded for CAAM. There are over a dozen C and Header files that have CAAM hard coded into the dek generator. Is there a patch you have that I can use for the imx6ULL? If so, please share it with me.
Thank you for the help
Hello,
I am afraid we do not support DEK software implementation.
Regards,
Yuri.
Hey Yuri,
Removing #define CONFIG_FSL_CAAM does not work.
Furthermore, I went into the code and saw that the #define CONFIG_SYS_FSL_SEC_ADDR (secure memory register) in Imx-regs.h is configured for CAAM, and the inline_cnstr_jobdesc_blob_dek function in jobdesc.c is also configured for CAAM.
I don't know which addresses to replace them with.
Thanks,