Error at Verifying HAB events of fitImage

gthorat149 · ‎01-12-2022

cat fitImage-image | hexdump -C | more

00000000 d0 0d fe ed 02 45 bb b4 00 00 00 38 02 45 b8 10 |.....E.....8.E..|

00000010 00 00 00 28 00 00 00 11 00 00 00 10 00 00 00 00 |...(............|

00000020 00 00 00 74 02 45 b7 d8 00 00 00 00 00 00 00 00 |...t.E..........|

00000030 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 |................|

00000040 00 00 00 03 00 00 00 04 00 00 00 64 61 dd 92 01 |...........da...|

00000050 00 00 00 03 00 00 00 3a 00 00 00 00 55 2d 42 6f |.......:....U-Bo|

00000060 6f 74 20 66 69 74 49 6d 61 67 65 20 66 6f 72 20 |ot fitImage for |

00000070 4e 58 50 20 69 2e 4d 58 20 52 65 6c 65 61 73 65 |NXP i.MX Release|

00000080 20 44 69 73 74 72 6f 2f 35 2e 34 2f 77 61 62 63 | Distro/5.4/wabc|

BOLD = SIZE of FIt-Image

Process of generation of Image-signed.bin

SIZE of FIT-Image =0x0245bbb4

Extracting size from Image header...

SIZE= "0x`od -t x4 -j 0x4 -N 0x4 --endian=big fitImage-image | head -n1 | awk '{print $2}'`"

IVTOFFSET=SIZE

IVTSIZE="0x20"

CSFOFFSET = ((IVTOFFSET + IVTSIZE))

Padding Image file...

objcopy -I binary -O binary --pad-to=$SIZE --gap-fill=0x00 fitImage-image Image-pad.bin

genIVT.pl is copied bellow

chmod +x genIVT.pl

./genIVT.pl

cat Image-pad.bin ivt.bin > Image-pad-ivt.bin

Generating CSF binary...

csf_image.txt is copied bellow

./cst -i csf_image.txt -o csf_image.bin

# copy signatures into binary

cat Image-pad-ivt.bin csf_image.bin > Image-signed.bin

rm Image-pad*

"Image-signed.bin is ready!"

cat csf_image.txt

[Header]

Version = 4.3

Hash Algorithm = sha256

Engine = CAAM

Engine Configuration = 0

Certificate Format = X509

Signature Format = CMS

[Install SRK]

# Index of the key location in the SRK table to be installed

File = "../../crts/SRK_1_2_3_4_table.bin"

Source index = 0

[Install CSFK]

# Key used to authenticate the CSF data

File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]

# Key slot index used to authenticate the key to be installed

Verification index = 0

# Target key slot in HAB key store where key will be installed

Target index = 2

# Key to install

File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]

# Key slot index used to authenticate the image data

Verification index = 2

# Authenticate Start Address, Offset, Length and file

Blocks = 0x44000000 0x0 0x245bbd4 "Image-pad-ivt.bin"

cat genIVT.pl

#! /usr/bin/perl -w

use strict;

open(my $out, '>:raw', 'ivt.bin') or die "Unable to open: $!";

print $out pack("V", 0x412000D1); # IVT Header

print $out pack("V", 0x44000000); # Jump Location

print $out pack("V", 0x0); # Reserved

print $out pack("V", 0x0); # DCD pointer

print $out pack("V", 0x0); # Boot Data

print $out pack("V", 0x4645bbb4); # Self Pointer

print $out pack("V", 0x4645bbd4); # CSF Pointer

print $out pack("V", 0x0); # Reserved

close($out);

Like this way I generated Image-signed.bin from FIT-IMAGE

wccu=> hab_auth_img 0x44000000 0x0245C7E8 0x0245C7C8
hab fuse not enabled

Authenticate image from DDR location 0x44000000...
bad magic magic=0x32 length=0xa35b version=0x98
bad length magic=0x32 length=0xa35b version=0x98
bad version magic=0x32 length=0xa35b version=0x98
Error: Invalid IVT structure

Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
wccu=> hab_auth_img 0x44000000 0x245BBD4 0x0245bbb4
hab fuse not enabled

Authenticate image from DDR location 0x44000000...
Error: Invalid IVT structure

Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0

hab_auth_img 0x44000000 0x0245C7E8 0x0245C7C8

In this command how i select last two argument so my error will gone.

Error at Verifying HAB events of fitImage

Error at Verifying HAB events of fitImage

i.MX8 Coral DevKit