- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Re: Error using CONFIG_AUTOBOOT_STOP_STR_SHA256 in U-Boot
Error using CONFIG_AUTOBOOT_STOP_STR_SHA256 in U-Boot
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone,
I'm trying to activate the U-Boot's "Stop autobooting via SHA256 encrypted password" feature on iMX8M Mini. The problem is that, when U-Boot is autobooting, every time I press I button I get this error:
Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
Do you know how to fix it?
Thanks.
Solved! Go to Solution.
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Paolo
--------------
Yes, there is a way to force the AUTOBOOT_STO_STR_SHA256 to be performed by sw that we must change the uboot code manually. The modification is below:
diff --git a/common/hash.c b/common/hash.c
index 413a5bf..cc1609c 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -171,7 +171,7 @@ static struct hash_algo hash_algo[] = {
.digest_size = SHA256_SUM_LEN,
.chunk_size = CHUNKSZ_SHA256,
#ifdef CONFIG_SHA_HW_ACCEL
- .hash_func_ws = hw_sha256,
+ .hash_func_ws = sha256_csum_wd,
#else
.hash_func_ws = sha256_csum_wd,
#endif
--------------
Best regards
igor
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI pgentili
I checked internally and some questions arised below:
--------------
Does the customer must use CAAM to do sha256 operation? In our BSP, we don't enable CAAM by default, the CONFIG_AUTOBOOT_STOP_STR_SHA256 feature can be achieved by software.
So can you tell me the configuration that customer does? Do they have to use CAAM to do sha256?
--------------
Best regards
igor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
we have FSL_CAAM = y and therefore SHA_HW_ACCEL = y because it's required by SECURE_BOOT which is mandatory in our product.
What do you suggest to do? Is there any way to force the AUTOBOOT_STO_STR_SHA256 to be performed by sw?
Regards
Paolo
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Paolo
--------------
Yes, there is a way to force the AUTOBOOT_STO_STR_SHA256 to be performed by sw that we must change the uboot code manually. The modification is below:
diff --git a/common/hash.c b/common/hash.c
index 413a5bf..cc1609c 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -171,7 +171,7 @@ static struct hash_algo hash_algo[] = {
.digest_size = SHA256_SUM_LEN,
.chunk_size = CHUNKSZ_SHA256,
#ifdef CONFIG_SHA_HW_ACCEL
- .hash_func_ws = hw_sha256,
+ .hash_func_ws = sha256_csum_wd,
#else
.hash_func_ws = sha256_csum_wd,
#endif
--------------
Best regards
igor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
thanks for your help but your solution is not working.
The error regarding CAAM is gone but I cannot stop the autoboot process typing the password. I tried switching back to CONFIG_AUTOBOOT_STOP_STR (w/o encryption) and it's working fine.
Any idea why it cannot use CAAM at that stage?
Thanks
Paolo
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
internal feedback:
-----------------
Does the customer set SHA256 result of their keys in the CONFIG_AUTOBOOT_STOP_STR_SHA256?
Let me give an example. If I want to use char 'a' to stop autoboot, I need to set the CONFIG_AUTOBOOT_STOP_STR_SHA256 to 'ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb'(the sha256 result of char 'a'), like the attached picture.
Now our BSP hasn't supported CAAM to do sha256 in uboot phase. The method I told you in last reply is to change the sha256 operation to achieve by software method.
-----------------
Best regards
igor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There you go, that was the problem.
Thanks!
Paolo
