- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- HAB EVENT: HAB_INV_ASSERTION
HAB EVENT: HAB_INV_ASSERTION
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Yuri,
在Secure boot的验证中,uboot运行过程中得到如下log: (详见附件)
Authenticate uImage from DDR location 0x12000000...
ivt_offset = 0x4fe000, ivt addr = 0x124fe000
Dumping IVT
0x412000d1 0x12001000 0x00000000 0x00000000
0x00000000 0x124fe000 0x124fe020 0x00000000
Dumping CSF Header
0x415000d4 0x000c00be 0x00001703 0x50000000
0x020c00be 0x01000009 0x90040000 0x000c00ca
0x0000c501 0xe4070000 0x1d0800b2 0x02000000
0x000c00be 0x02000009 0xe8090000 0x001400ca
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x18 0x00 0xc0 0x00
0x00 0x00 0x00 0x20
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x13 0x40 0x00 0x00
0x00 0x00 0x00 0x20
Calling authenticate_image in ROM
ivt_offset = 0x4fe000
start = 0x12000000
bytes = 0x500020
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x18 0x00 0xc0 0x00
0x00 0x00 0x00 0x20
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x13 0x40 0x00 0x00
0x00 0x00 0x00 0x20
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x12 0x4f 0xe0 0x00
0x00 0x00 0x00 0x20
========================
从上述log看,应该是属于 HAB_INV_ASSERTION (0x0C),即: an invalid key。
但我尝试了各种方法,均无法解决这个问题,现在需要重新梳理一下:
1)硬件平台:i.mx6 solo
2)软件版本: u-boot 2013.04; linux 3.10.31
3)CST工具:CST 2.3.1 和CST 3.0.1均试过。
4)Key的生成:
cd keys
./hab4_pki_tree.sh (n,2048,10,4,y)
cd ../crts
5)CSF的文件详见附件。
6)出现这个问题,不知是否与CST工具版本与uboot版本不一致有关?在workshop中,CST工具为cst 2.2 。
在“Authenticating Yocto 3.10.17-1.0.2-GA BSP Images”中,csf有如下定义:
[Authenticate Data]
Verification index = 2
Blocks = 0x12000000 0x0 0x505020 "uImage-pad-ivt.bin", \
0x18000000 0x0 0xB84B "uImage-imx6q-sabresd.dtb"
这个定义,在CST2.3及其之后的版本是会出现错误的,因为blocks size要求0x1000对齐,但上述的 0x505020并没有对齐,在运行CST工具是,就会出现错误。
7)因此,我想问的问题是:
A、出现0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00是什么原因造成的?
B、对软件版本、CST工具等是否有匹配性的要求,如:针对u-boot 2013.04是否必须为CST2.2 ?
该问题比较急迫,望尽快帮忙分析一下,谢谢!
Yonghe.Luo
Solved! Go to Solution.
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
From “Appendix A: Interpreting HAB Event Data from Report_Event() API”
of “HAB4_API.pdf”: “An assertion event means that one of the following required areas
is not signed as documented in the Operation section for authenticate_image() API:
• IVT;
• DCD (if provided);
• Boot Data (initial byte - if provided);
• Entry point (initial word).”
For Your case, below is the data block that do not have a required valid signature:
Address Event 1 is 0x1800_C000
Length Event 1 is 0x20
As for CST release - it makes sense to use the recent one.
The CST 2 was critical for i.MX28.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer
button. Thank you!
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
From “Appendix A: Interpreting HAB Event Data from Report_Event() API”
of “HAB4_API.pdf”: “An assertion event means that one of the following required areas
is not signed as documented in the Operation section for authenticate_image() API:
• IVT;
• DCD (if provided);
• Boot Data (initial byte - if provided);
• Entry point (initial word).”
For Your case, below is the data block that do not have a required valid signature:
Address Event 1 is 0x1800_C000
Length Event 1 is 0x20
As for CST release - it makes sense to use the recent one.
The CST 2 was critical for i.MX28.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer
button. Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Yuri,
问题已经解决,谢谢!
Yonghe.Luo
