I’m working on enabling HAB (High Assurance Boot) on an i.MX6D board. U-Boot is signed and is in Open mode, but during the boot process, I see the following log:
selecting dtb file for el....
Using boot/uImage-imx6.dtb...
48129 bytes read in 4 ms (11.5 MiB/s)
hab fuse not enabled
Authenticate image from DDR location 0x12800000...
bad magic magic=0xff length=0xffff version=0xff
bad length magic=0xff length=0xffff version=0xff
bad version magic=0xff length=0xffff version=0xff
Error: Invalid IVT structure
and also, this output:
=> hab_status
Secure boot disabled
prefetch abort
pc : [<00007b50>] lr : [<8ef790d9>]
reloc pc : [<88891b50>] lr : [<178030d9>]
sp : 8df68a28 ip : 8ef79249 fp : 00000001
r10: 8effb030 r9 : 8df75ea0 r8 : 00000000
r7 : 8ef976f9 r6 : 8df7a6a8 r5 : 00000000 r4 : 8eff876c
r3 : 00007b55 r2 : 00000001 r1 : 8df68a34 r0 : 8df68a30
Flags: nzCv IRQs off FIQs off Mode SVC_32 (T)
Code: f004 fe4d 4604 4620 (b004) e562
Resetting CPU ...
The system continues to boot, but HAB reports this Error: Invalid IVT structure, my questions are:
- Do we need to sign the kernel image also for HAB secure boot in open mode?
- What is the recommended memory map and IVT placement for signing.
- why is this Error: Invalid IVT structure.
