Hello, I work in secure boot on CPU: i.MX6DL rev1.3 at 792MHz, I have follow different applications note, but my u-boot not works:
My CSF file, I have took the example of the fast authentication and completed HAB Blocks.
I have set my :
#define CSF_PAD_SIZE 0x2000
So my .imx
0x60c00 + 0x400 + 0x2000 = 0x63000
Signing my csf
Concat uboot + csf_sign
Add padding to have 0x63000
- Create my sd card:
- sudo dd if=u-boot-signed-padded.imx of=/dev/sd<x> bs=1K seek=1 && sync
- or dd if=uboot-signed-padded of=/dev/sdd bs=512 seek=2
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c
0x00 0x00 0x02 0xf0
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x1d 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x38
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_KEY (0x1D)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
My OTP register on my imx-6
I don’t understand why I’ve HAB Event. Any ideas?
I’m searching….
i've seen my sd burned not correctly with my WSL machine......(but print data writed with no error!!=
with no fast authentification
=> now i 've remove line DCD Block in CSF File (i'm not use UUU tools)
now No event Found in hab_status => but no fuse burned!!!
new test today:
my HAB version is 4.1, so i will try to not use fast authentication
ref: in Code-Signing Tool / User’s Guide
generate new key with
$ cat key_pass.txt
cst
cst
$ cat serial
88888888
$ ./hab4_pki_tree.sh
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 2048
Enter PKI tree duration (years): 10
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y
../cst-3.4.1/linux64/bin/cst -i csf_uboot_fast_authentication.txt -o csf_uboot.bin
cat u-boot.imx csf_uboot.bin > u-boot-signed
pad to have 0x2000 bytes en csf.bin
$objcopy -I binary -O binary --pad-to 0x5EC00 --gap-fill=0x5A u-boot-signed u-boot-signed-padded
sudo dd if=u-boot-signed-padded of=/dev/sdd bs=512 seek=2
=>the same 5 HAB error
i will try to sign with DCD NULL with script in UUU.pdf:
$ ./mod_4_mfgtool.sh clear_dcd_addr u-boot.imx
$ ./cst --i u-boot-csf.txt --o u-boot-csf.bin
$ ./mod_4_mfgtool.sh set_dcd_addr u-boot.imx
$cat u-boot.imx csf_uboot.bin > u-boot-signed
$objcopy -I binary -O binary --pad-to 0x5EC00 --gap-fill=0x5A u-boot-signed u-boot-signed-padded
$sudo dd if=u-boot-signed-padded of=/dev/sdd bs=512 seek=2
i have this:
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x41 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x0d 0x44 0x17 0x7f 0xf4 0x00
0x00 0x05 0xcc 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x02 0xf0
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c
0x00 0x00 0x02 0xf0
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
add on my CSF DCD Block output
=> not works
