Encrypted HAB U-Boot for i.MX6ULL dek_blob Not Working

cancel
Showing results for 
Search instead for 
Did you mean: 

Encrypted HAB U-Boot for i.MX6ULL dek_blob Not Working

758 Views
huzaifi
Contributor II

Hi, 

I've been trying to run an encrypted signed uboot. However, when I have to get the dek_blob.bin, I am unable to run the command. I am already able to successfully execute a signed u-boot with no HAB events.

To enable the dek_blob command I added the following defines to the code.

#define CONFIG_SECURE_BOOT
#define CONFIG_SYS_FSL_SEC_COMPAT 4 /* HAB version */
#define CONFIG_FSL_CAAM
#define CONFIG_CMD_DEKBLOB
#define CONFIG_SYS_FSL_SEC_LE
#define CONFIG_FAT_WRITE

When getting the dek_blob.bin, I get the following error.

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

=> fatload mmc 1:2 0x10800000 dek.bin
reading dek.bin
16 bytes read in 9 ms (1000 Bytes/s)
=> dek_blob 0x80800000 0x80801000 128
data abort
pc : [<bff5682c>] lr : [<00000008>]
reloc pc : [<8780382c>] lr : [<c78ad008>]
sp : bef50d58 ip : bef515b4 fp : bff567d8
r10: 00000004 r9 : bef50eb8 r8 : bffa4b1c
r7 : bef9fc70 r6 : 80801000 r5 : 80800000 r4 : bef9fc70
r3 : 02142000 r2 : 0000000a r1 : 00000000 r0 : 00000080
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...

Furthermore, I know that CAAM is no longer supported by the i.MX6ULL. So I know that something is wrong.

What do I have to configure? I already have the NDA documents, please let me know what changes I have to make in my code or on the i.MX6ULL.

Thank you for the help!!

Labels (1)
0 Kudos
4 Replies

391 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

 

  Please try to remove   #define CONFIG_FSL_CAAM  option and rebuild U-boot.

Have a great day,

Yuri

 

------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct Answer

button. Thank you!

0 Kudos

391 Views
huzaifi
Contributor II

Hey Yuri, 

When I look deeper into the codes, I see that the DEK is hard coded for CAAM. There are over a dozen C and Header files that have CAAM hard coded into the dek generator. Is there a patch you have that I can use for the imx6ULL? If so, please share it with me. 

Thank you for the help

0 Kudos

391 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

  I am afraid we do not support DEK software implementation.  

Regards,

Yuri.

0 Kudos

391 Views
huzaifi
Contributor II

Hey Yuri,

Removing  #define CONFIG_FSL_CAAM does not work. 

Furthermore, I went into the code and saw that the #define CONFIG_SYS_FSL_SEC_ADDR (secure memory register) in Imx-regs.h is configured for CAAM, and the inline_cnstr_jobdesc_blob_dek function in jobdesc.c is also configured for CAAM.

I don't know which addresses to replace them with. 

Thanks,

0 Kudos