Everyone,
I was wondering if someone could help me out with getting the secure bootloader working. Once everything gets placed and placed onto the device using the Windows manufacturing tool, I get the following from the console window at boot:
U-Boot 2009.08-00030-g9752205-dirty (Jun 09 2015 - 10:33:32)
U-Boot code: 278006E0 -> 27835200 BSS: -> 2786FE68
CPU: Freescale i.MX6 family TO1.2 at 792 MHz
Thermal sensor with ratio = 178
Temperature: 30 C, calibration data 0x5694d869
mx6q pll1: 792MHz
mx6q pll2: 528MHz
mx6q pll3: 480MHz
mx6q pll8: 50MHz
ipg clock : 66000000Hz
ipg per clock : 66000000Hz
uart clock : 80000000Hz
cspi clock : 60000000Hz
ahb clock : 132000000Hz
axi clock : 264000000Hz
emi_slow clock: 132000000Hz
ddr clock : 528000000Hz
usdhc1 clock : 198000000Hz
usdhc2 clock : 198000000Hz
usdhc3 clock : 198000000Hz
usdhc4 clock : 198000000Hz
nfc clock : 24000000Hz
Board: i.MX6Q-SABREAUTO: unknown-board Board: 0x63012 [POR ]
Boot Device: MMC
RAM Configuration:
Bank #0: 10000000 1 GB
MMC: FSL_USDHC: 0,FSL_USDHC: 1
*** Warning - bad CRC or MMC, using default environment
In: serial
Out: serial
Err: serial
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Net: got MAC address from IIM:
FEC0 [PRIME]
### main_loop entered: bootdelay=3
### main_loop: bootcmd="booti mmc1"
Hit any key to stop autoboot: 0
kernel @ 10808000 (4435532)
ramdisk @ 11800000 (235409)
Authenticate uImage from DDR location 0x10808000...
ivt_offset = 0x1030000, ivt addr = 0x11838000
Dumping IVT
0xb4253805 0x6845bc02 0xb42eb805 0xa10cfc02
0x0be7e015 0x54bf00ad 0x35f80568 0x6fc02b42
Dumping CSF Header
0xb9811e16 0x1b5cd89b 0x15a11efc 0xad0a8fe0
0x884e7f00 0x42abf804 0x11dfc024 0x99fe0122
0xeff00910 0xff804884 0x1c02442a 0xde012213
0xe6039843 0x0ee6c59e 0x216f7822 0x0a47e012
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Calling authenticate_image in ROM
ivt_offset = 0x1030000
start = 0x10808000
bytes = 0x1032020
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00
Authentication Failed
So, I get a HAB_INV_INT error, which I guess means something in the IVT isn't configured correctly. From the csf_u-boot.txt file I have
[Authenticate Data]
Verification index = 2
Blocks = 0x27800400 0x400 0x32c00 "/home/mrobbeloth/projects/quad_src_main_4.3/myandroid/out/target/product/ar6mx/u-boot-6q-pad.bin"
I use a shell script with sed to update the Blocks line based on how the bootloader build changes.
I am open to any suggestions on how to troubleshoot and correct the HAB event.
Michael Robbeloth
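Added example (not part of the original post and not U-Boot or NXP code): a host-side decoder for the 8-byte HAB event record printed in the log above, plus a sanity check of the first word of the "Dumping IVT" output. It assumes the HAB4 event header layout (tag, 16-bit length, version, status, reason, context, engine) and the IVT header layout (tag 0xD1, length 0x0020, version 0x4x); the code tables are a subset and the function names are illustrative.

```python
import struct

# Subset of HAB4 status / reason / context codes; unknown values print as hex.
STATUS = {0x33: "HAB_FAILURE", 0x69: "HAB_WARNING", 0xF0: "HAB_SUCCESS"}
REASON = {0x05: "HAB_INV_IVT", 0x06: "HAB_INV_COMMAND", 0x0C: "HAB_INV_ASSERTION",
          0x11: "HAB_INV_CSF", 0x17: "HAB_INV_SIZE", 0x18: "HAB_INV_SIGNATURE",
          0x1D: "HAB_INV_KEY", 0x21: "HAB_INV_CERTIFICATE", 0x22: "HAB_INV_ADDRESS"}
CONTEXT = {0x0A: "HAB_CTX_AUTHENTICATE", 0xC0: "HAB_CTX_COMMAND", 0xCF: "HAB_CTX_CSF",
           0xDB: "HAB_CTX_AUT_DAT", 0xDD: "HAB_CTX_DCD"}

def name(table, code):
    return table.get(code, f"unknown (0x{code:02x})")

def decode_event(line):
    """Decode one 'event data:' line as printed in the U-Boot HAB status dump."""
    data = bytes(int(tok, 16) for tok in line.split())
    if len(data) < 8:
        raise ValueError("event record shorter than its 8-byte header")
    tag, length, version, status, reason, context, engine = struct.unpack(
        ">BHBBBBB", data[:8])
    if tag != 0xDB:
        raise ValueError(f"not a HAB event record (tag 0x{tag:02x})")
    if length != len(data):
        raise ValueError(f"length field {length} != {len(data)} bytes captured")
    return {"hab_version": f"{version >> 4}.{version & 0xF}",
            "status": name(STATUS, status), "reason": name(REASON, reason),
            "context": name(CONTEXT, context), "engine": engine}

def check_ivt_header(word):
    """List problems with an IVT header word as U-Boot dumps it (little-endian read)."""
    tag, length, version = struct.unpack(">BHB", struct.pack("<I", word))
    problems = []
    if tag != 0xD1:
        problems.append(f"tag 0x{tag:02x}, expected 0xd1")
    if length != 0x20:
        problems.append(f"length 0x{length:04x}, expected 0x0020")
    if version & 0xF0 != 0x40:
        problems.append(f"version 0x{version:02x}, expected 0x4x")
    return problems

if __name__ == "__main__":
    # Values copied from the console log in the post above.
    print(decode_event("0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00"))
    print(check_ivt_header(0xb4253805))
```

On the log above, the event decodes to a failure with reason code 0x05 in the authenticate context, and the first dumped word fails all three header checks, so the data at the printed ivt addr does not start with an IVT header.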
Sorry, I didn't see this comment.
I just looked at the patch and it looks correct.
Ulises,
Is there a way I can get this issue escalated to get it resolved? I am really disappointed by how complex this process is to get working. It's almost getting to a point where it is hard from a business standpoint to continue to work on this versus the payback expected in terms of additional sales by implementing this capability.
Michael Robbeloth
Okay, so I'm still struggling with this particular issue. I did notice that once the bootloader is loaded into memory, everything is where I expect it to be except for the IVT. It's not at 0x27800400 or 0x27800000 (all 0x00 filler) or right before the CSF at 0x27833000 (there's 0xff filler), even though the IVT is in the binary itself at 0x400 offset from the beginning as expected. So where is the IVT once the bootloader loads, but before any boot commands execute?
Michael Robbeloth
I haven't done secure boot with uboot 2009. But I know that there are some tweaks to be made to the linker script for the ROM to copy the right amount of data. Do you need to use that uboot version or can you upgrade to the latest uboot? The latest uboot does everything for you.
Also, if you are repackaging boot.img, you need to regenerate the signature by running cst again. Since the digital signatures are really hashes, any modifications to the binary would invalidate the signature.