HAB Secure Boot blocking

starlabsstas
Contributor I

Hi,

I am integrating HABv4 Secure Boot on the imx8mm within Yocto dunfell according to u-boot's documentation under doc/imx/habv4/guides/mx8m_secure_boot.txt.

 

I am aware of the two components in flash.bin, the spl and the fit image containing uboot, optee, atf, etc.

As far as I understand, the SPL gets verified automatically at start, and the result of the check can be retrieved with hab_status.

 

To verify the fit image part of flash.bin, I patched uboot to give me the data that is needed to verify, i.e. start address, length and IVT offset. In my case, I could verify the fit image with:

u-boot=> hab_auth_img 0x401fcdc0 0x3020 0x1000
hab fuse not enabled

Authenticate image from DDR location 0x401fcdc0...

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

The CSF data that yields this for SPL is

[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Authenticate Data]
    Verification index = 0
    Blocks = 0x7e0fc0 0x0 0x37800 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"

and for the fit image it is

[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]
[Authenticate Data]
    Verification index = 0
    Blocks = 0x401fcdc0 0x57c00 0x1020 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"

As you can see, I only verify the fit header in this scenario.

And here is my problem. When I enable secure mode, the device hangs after

Authenticate image from DDR location 0x401fcdc0...

I assume the device is attempting to verify more than hab_auth_img is doing.

Although I do not get hab events with my set up, a secure mode device is not booting up.

My suspicion is that because the whole fit image is not signed, this is causing issues in secure mode.

So I attempted to sign the remainder of the fit image by extracting the necessary data (addresses, offsets and lengths) from print_fit_hab.sh while using the values for TEE_LOAD_ADDR and ATF_LOAD_ADDR from the log of imx-boot:

TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh kuk-trizeps8.dtb > u-boot-trizeps8.its

This yields the following CSF for the fit image:

[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]
[Authenticate Data]
    Verification index = 0
    Blocks = 0x401fcdc0 0x57c00 0x1020 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x40200000 0x5AC00 0xC4E08 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x402C4E08 0x11FA08 0x82FB "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x920000 0x127D04 0xB160 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0xBE000000 0x132E64 0x3E228 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"

When I boot this on a non-secure-boot board (with fuses set as in the example at the beginning), the SPL verifies, but when I attempt to verify the fit image, I get:

u-boot=> hab_auth_img 0x401fcdc0 0x3020 0x1000
hab fuse not enabled

Authenticate image from DDR location 0x401fcdc0...

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x24 0x43 0x33 0x30 0xc0 0x1d
        0x00 0x08 0x00 0x02 0x40 0x00 0x05 0x16
        0x55 0x55 0x00 0x0f 0xbe 0x00 0x00 0x00
        0x00 0x00 0x00 0x01 0x90 0x00 0x08 0x20
        0x00 0x00 0x00 0x05

STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_CAAM (0x1D)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x3c 0x43 0x33 0x18 0xc0 0x00
        0xca 0x00 0x34 0x00 0x00 0xc5 0x1d 0x00
        0x00 0x00 0x09 0xe8 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
        0x00 0x0c 0x4e 0x08 0x40 0x2c 0x4e 0x08
        0x00 0x00 0x82 0xfb 0x00 0x92 0x00 0x00
        0x00 0x00 0xb1 0x60 0xbe 0x00 0x00 0x00
        0x00 0x03 0xe2 0x28

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

 

Parsing Event 4, I understand that this is telling me that the fit image at location 

0x40 0x1f 0xcd 0xc0 with length 
0x00 0x00 0x10 0x20 cannot be authenticated, as well as 
0x40 0x20 0x00 0x00 with length 
0x00 0x0c 0x4e 0x08
0x40 0x2c 0x4e 0x08 with length 
0x00 0x00 0x82 0xfb, 
0x00 0x92 0x00 0x00 with length 
0x00 0x00 0xb1 0x60 and 
0xbe 0x00 0x00 0x00 with length 
0x00 0x03 0xe2 0x28.
So basically all the data that I added with the help of print_fit_hab.sh.
 
I went ahead, extracted the components from the fit image (uboot, fdt, atf and tee) verified that beginning, end and location match, which is the case.
 
At this point I am out of ideas and urgently require assistence.
This setup needs to be ready very soon and I cannot find solutions to my problem in the documentation that is available to me. I was mainly using AN4581.pdf and HAB4_API.pdf.
Due to the urgency of this situation I would gladly accept paid consultancy at this point. Please reach out to me.
 
The resulting fit image looks like this now:

 

FIT description: Configuration to load ATF before U-Boot
Created:         Sun Sep  4 17:51:40 2022
 Image 0 (uboot@1)
  Description:  U-Boot (64-bit)
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Standalone Program
  Compression:  uncompressed
  Data Size:    806408 Bytes = 787.51 KiB = 0.77 MiB
  Architecture: AArch64
  Load Address: 0x40200000
  Entry Point:  unavailable
 Image 1 (fdt@1)
  Description:  kuk-trizeps8
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    33531 Bytes = 32.75 KiB = 0.03 MiB
  Architecture: Unknown Architecture
 Image 2 (atf@1)
  Description:  ARM Trusted Firmware
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    45408 Bytes = 44.34 KiB = 0.04 MiB
  Architecture: AArch64
  OS:           Unknown OS
  Load Address: 0x00920000
 Image 3 (tee@1)
  Description:  TEE firmware
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    254504 Bytes = 248.54 KiB = 0.24 MiB
  Architecture: AArch64
  OS:           Unknown OS
  Load Address: 0xbe000000
 Image 4 (dek_blob@1)
  Description:  dek_blob
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Script
  Compression:  uncompressed
  Data Size:    96 Bytes = 0.09 KiB = 0.00 MiB
 Default Configuration: 'config@1'
 Configuration 0 (config@1)
  Description:  kuk-trizeps8
  Kernel:       unavailable
  Firmware:     uboot@1
  FDT:          fdt@1
  Loadables:    dek_blob@1
                atf@1
                tee@1

11 Replies
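The four event records in the question above can be decoded mechanically rather than by eye. The following Python script is an added example (it is not code from the thread, from U-Boot or from NXP's tools): it parses HAB4 event TLVs in the form hab_status and hab_auth_img print them (tag 0xdb, big-endian length, version 0x43, then STS/RSN/CTX/ENG and a context-specific payload) and, for a HAB_CTX_COMMAND event whose payload is an Authenticate Data CSF command (tag 0xca), recovers the (address, length) block list, which is exactly how the five regions in Event 4 above are read. The code tables cover only the status codes that occur on this page; anything else is reported as UNKNOWN. Reading a HAB_CTX_ASSERT payload as (assertion type, address, byte count) is an assumption based on the layout of Events 1 and 2. The input is a constructed byte string holding the four events as printed in the post.

```python
"""Decode HAB4 event records as printed by U-Boot's hab_status / hab_auth_img.

Added example. Each event is a TLV: tag 0xdb, 16-bit big-endian length
(covering the whole record), version 0x43, then STS, RSN, CTX, ENG bytes
and a context-specific payload.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HAB_TAG_EVT = 0xDB
HAB_CMD_AUT_DAT = 0xCA   # CSF "Authenticate Data" command tag
HAB_CTX_ASSERT = 0xA0
HAB_CTX_COMMAND = 0xC0

# Only the codes that occur in this thread; anything else is reported as UNKNOWN.
STS = {0x33: "HAB_FAILURE", 0x69: "HAB_WARNING", 0xF0: "HAB_SUCCESS"}
RSN = {0x0C: "HAB_INV_ASSERTION", 0x18: "HAB_INV_SIGNATURE", 0x30: "HAB_ENG_FAIL"}
CTX = {HAB_CTX_ASSERT: "HAB_CTX_ASSERT", HAB_CTX_COMMAND: "HAB_CTX_COMMAND"}
ENG = {0x00: "HAB_ENG_ANY", 0x1D: "HAB_ENG_CAAM"}


@dataclass
class HabEvent:
    sts: str
    rsn: str
    ctx: str
    eng: str
    payload: bytes
    # (address, length) pairs from an Authenticate Data command, if present
    blocks: List[Tuple[int, int]] = field(default_factory=list)
    # (assertion type, address, count) for HAB_CTX_ASSERT events (assumed layout)
    assertion: Optional[Tuple[int, int, int]] = None


def _name(table, code):
    return table.get(code, f"UNKNOWN(0x{code:02x})")


def decode_aut_dat(cmd: bytes) -> List[Tuple[int, int]]:
    """Block list of an Authenticate Data command:
    tag(1) len(2,BE) flags(1) | key(1) pcl(1) eng(1) cfg(1) | aut_start(4) | (addr,len)*"""
    tag, length, _flags = struct.unpack_from(">BHB", cmd, 0)
    if tag != HAB_CMD_AUT_DAT or length > len(cmd) or length < 12 or (length - 12) % 8:
        raise ValueError("malformed Authenticate Data command")
    n_words = (length - 12) // 4
    words = struct.unpack_from(f">{n_words}I", cmd, 12)
    return [(words[i], words[i + 1]) for i in range(0, n_words, 2)]


def parse_events(data: bytes) -> List[HabEvent]:
    """Split a concatenated HAB event dump into decoded HabEvent records."""
    events, pos = [], 0
    while pos + 4 <= len(data):
        tag, length, _version = struct.unpack_from(">BHB", data, pos)
        if tag != HAB_TAG_EVT or length < 8 or pos + length > len(data):
            raise ValueError(f"bad or truncated event at offset {pos}")
        sts, rsn, ctx, eng = data[pos + 4:pos + 8]
        payload = data[pos + 8:pos + length]
        ev = HabEvent(_name(STS, sts), _name(RSN, rsn), _name(CTX, ctx), _name(ENG, eng), payload)
        if ctx == HAB_CTX_ASSERT and len(payload) == 12:
            ev.assertion = struct.unpack(">III", payload)
        elif ctx == HAB_CTX_COMMAND and payload[:1] == bytes([HAB_CMD_AUT_DAT]):
            ev.blocks = decode_aut_dat(payload)
        events.append(ev)
        pos += length
    return events


# Constructed input: the four events printed by hab_auth_img in the post, concatenated.
SAMPLE_EVENTS = bytes.fromhex(
    "db001443330ca000" "00000000401fddc0" "00000020"                      # Event 1
    "db001443330ca000" "00000000401fcdc0" "00000004"                      # Event 2
    "db0024433330c01d" "0008000240000516" "5555000fbe000000"
    "0000000190000820" "00000005"                                         # Event 3
    "db003c433318c000" "ca00340000c51d00" "000009e8401fcdc0"
    "0000102040200000" "000c4e08402c4e08" "000082fb00920000"
    "0000b160be000000" "0003e228"                                         # Event 4
)

if __name__ == "__main__":
    for i, ev in enumerate(parse_events(SAMPLE_EVENTS), 1):
        print(f"Event {i}: {ev.sts} {ev.rsn} {ev.ctx} {ev.eng}")
        if ev.assertion:
            print(f"  assertion type={ev.assertion[0]} addr=0x{ev.assertion[1]:08x} count=0x{ev.assertion[2]:x}")
        for addr, length in ev.blocks:
            print(f"  block addr=0x{addr:08x} len=0x{length:x}")
```

Event 3 carries no CSF command tag in its payload, so the script leaves it as raw bytes; Event 4 decodes to the same five blocks as the Blocks line of the FIT CSF, which is the quickest way to confirm that HAB is complaining about the signature over exactly the regions you signed rather than about some other region.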

starlabsstas
Contributor I

The problem was that the fast boot option does not seem to have worked. I have redone everything with CSF and IMG certificates and then it worked.

Thanks!

Harvey021
NXP TechSupport

Hi 

I tried imx8mm secure boot with your SPL & FIT CSF files with the specified block settings on my imx8mm EVK board.

Secure boot can work well on my side.

Attached are my CSF files (modified from your log); you can take them as a reference.

In your case, if there are multiple lines in the FIT CSF Blocks, I think you can't authenticate the FIT image with the "hab_auth_img" command, which requires a contiguous memory region to be authenticated, but the CSF data is in the middle of the FIT image, which is not signed.

hab_auth_img 0x401fcdc0 0x3020 0x1000

Here are some suggestions to try:

1. Try to secure boot an imx8mm in open device

2. Sign SPL part in flash.bin first, then check hab_status at u-boot prompt.

3. Sign FIT part in flash.bin, check hab_status at u-boot prompt.

Best regards

Harvey
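Harvey's point above, that a single hab_auth_img call covers one contiguous region while a multi-line Blocks entry signs several disjoint ones, can be checked directly from the CSF text. The following Python script is an added example, not part of the thread and not NXP's CST: it parses the Blocks entries of a CSF (joining backslash continuations), flags blocks whose file range runs past the end of the image, and merges blocks that are adjacent both in DDR and in the file into spans. The sample CSF is the FIT CSF from the question; the flash.bin size it checks against is a constructed value (the end of the last block), since the real size is not given in the thread.

```python
"""Check the Blocks entries of a HAB4 CSF file (added example)."""
import re
from typing import List, NamedTuple, Tuple


class Block(NamedTuple):
    addr: int     # DDR address the block is loaded to
    offset: int   # offset of the block in the image file
    length: int
    path: str


_BLOCK = re.compile(r'(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+"([^"]*)"')


def parse_blocks(csf_text: str) -> List[Block]:
    """Return every Blocks entry in the CSF, continuation lines (trailing '\\') joined."""
    joined = re.sub(r"\\\s*\n", " ", csf_text)
    blocks = []
    for m in re.finditer(r"^\s*Blocks\s*=\s*(.*)$", joined, re.MULTILINE):
        for a, o, n, p in _BLOCK.findall(m.group(1)):
            blocks.append(Block(int(a, 16), int(o, 16), int(n, 16), p))
    return blocks


def out_of_bounds(blocks: List[Block], file_size: int) -> List[Block]:
    """Blocks whose file range [offset, offset+length) does not fit in the image."""
    return [b for b in blocks if b.offset + b.length > file_size]


def memory_spans(blocks: List[Block]) -> List[Tuple[int, int, int]]:
    """Merge blocks that are adjacent both in DDR and in the file.

    Returns (addr, offset, length) spans sorted by address. hab_auth_img can only
    authenticate one such span per call, so more than one span here means the
    command cannot cover the whole signed set in a single invocation."""
    spans: List[Tuple[int, int, int]] = []
    for b in sorted(blocks, key=lambda b: b.addr):
        if spans:
            s_addr, s_off, s_len = spans[-1]
            if s_addr + s_len == b.addr and s_off + s_len == b.offset:
                spans[-1] = (s_addr, s_off, s_len + b.length)
                continue
        spans.append((b.addr, b.offset, b.length))
    return spans


# The FIT CSF from the question (paths left as the {{PREFIX}} placeholders used there).
FIT_CSF = '''[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]
[Authenticate Data]
    Verification index = 0
    Blocks = 0x401fcdc0 0x57c00 0x1020 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \\
0x40200000 0x5AC00 0xC4E08 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \\
0x402C4E08 0x11FA08 0x82FB "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \\
0x920000 0x127D04 0xB160 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \\
0xBE000000 0x132E64 0x3E228 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"
'''

# Constructed: the end of the last block. The real flash.bin size is not in the thread.
ASSUMED_FLASH_BIN_SIZE = 0x132E64 + 0x3E228

if __name__ == "__main__":
    blocks = parse_blocks(FIT_CSF)
    for b in out_of_bounds(blocks, ASSUMED_FLASH_BIN_SIZE):
        print(f"block at file offset 0x{b.offset:x} runs past the end of the image")
    spans = memory_spans(blocks)
    print(f"{len(blocks)} blocks form {len(spans)} contiguous region(s):")
    for addr, off, length in spans:
        print(f"  addr=0x{addr:08x} len=0x{length:x} (file offset 0x{off:x})")
```

For the CSF in this thread the five blocks collapse into four spans (the FIT header, u-boot plus its FDT, ATF, and OP-TEE), because the u-boot and FDT blocks are adjacent in both DDR and the file while the others are not; that is the concrete reason the single hab_auth_img call over the header cannot stand in for what the ROM/HAB checks on a closed device.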

starlabsstas
Contributor I

Hi,

According to i.MX8MP Secure boot.pdf, which you linked in your previous post, the FIT CSF needs to be in the middle of the flash.bin file. According to the authentication instructions, the artefacts that are authenticated are in consecutive memory.

Regarding your suggestions:

1. Try to secure boot an imx8mm in open device

I have 2 devices with the same fuses set, except one is in secure mode and the other one is in open mode. uboot is installed on an SD card, so I can exchange the content very easily.

2. Sign SPL part in flash.bin first, then check hab_status at u-boot prompt.

Simply signing the SPL part and running hab_status does not give any events. However, the device does not boot on the secure mode device.

3. Sign FIT part in flash.bin, check hab_status at u-boot prompt.

When I sign the FIT part, reboot and run hab_status, there are no events; however, when I force the check with

hab_auth_img 0x401fcdc0 0x3020 0x1000

then I get the events as described above.

When I try to boot this uboot on a closed secure mode device, it gets stuck after SPL, indicating that authentication failed.

My SPL and FIT CSF files are identical to yours. It does not boot up.

I am pretty lost here and require further assistance. Is there a possibility to get a paid remote session with assistance?

Harvey021
NXP TechSupport

Hi,

1. It seems there is no hab event for authenticating SPL/FIT image in open device, right?
2. "hab_auth_img" can't be used to authenticate the FIT image if there are multi-line blocks in the FIT csf file.
3. Double check the fuse hash programmed in the closed device. Usage:
   fuse read 6 4
   fuse read 7 4
4. Can you share how you close the device?
5. Can you provide the boot log of the closed device?

Best regards

Harvey


starlabsstas
Contributor I

Let me answer your questions:

1. It seems there is no hab event for authenticate SPL/FIT image in open device, right?

Correct. If I boot up the open device and issue hab_status, there are no events:

u-boot=> hab_status
Secure boot disabled
HAB Configuration: 0xf0,
HAB State: 0x66
No HAB Events Found!

I cannot do this on the closed device as it does not boot far enough for me to enter the uboot cli.

2. "hab_auth_img" can't be used to authenticate FIT image if there are multi-line blocks in FIT csf file.

OK, thanks for the info.

3. Double check fuse hash programmed in closed device

On the closed device I cannot boot into the uboot cli. I am very certain that the fuses are set the same way they are on the open device:

u-boot=> fuse read 6 0
Reading bank 6: Word 0x00000000: adda8b8a
u-boot=> fuse read 6 1
Reading bank 6: Word 0x00000001: 3bbf6cfe
u-boot=> fuse read 6 2
Reading bank 6: Word 0x00000002: 69d96f10
u-boot=> fuse read 6 3
Reading bank 6: Word 0x00000003: 90dd2a87
u-boot=> fuse read 7 0
Reading bank 7: Word 0x00000000: eb00cc86
u-boot=> fuse read 7 1
Reading bank 7: Word 0x00000001: 3053b038
u-boot=> fuse read 7 2
Reading bank 7: Word 0x00000002: 7d669ee3
u-boot=> fuse read 7 3
Reading bank 7: Word 0x00000003: d140b92a

4. Can you share how you close the device?

I followed the documentation in mx8m_secure_boot.txt and did:

fuse prog 1 3 0x2000000

I wanted to do the remainder of the recommended fuses once I can verify that secure mode works.

5. Can you provide boot log in closed device?

The closed device gets stuck at the shown point.

U-Boot SPL 2019.04-kuk_imx_v2019.04_5.4.3_2.0.0+gb770149574 (Sep 20 2021 - 08:39:56 +0000)
Choose dram_timing_v1r2_2GB_K4F6E3S4HM
DDRINFO: start DRAM init
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
Normal Boot
Trying to boot from MMC1

Authenticate image from DDR location 0x401fcdc0...

I am really looking for consultation here. Any help is appreciated. Can we arrange a call?

Harvey021
NXP TechSupport

Two more aspects as below might be helpful for you.

- To dump the SRK hash fuse values on the host machine:

hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin

and then compare it with the fused hash in the SoC.

 

Best regards

Harvey
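The comparison Harvey suggests above (the hexdump of SRK_1_2_3_4_fuse.bin against the fuse read output) can be automated so that a transposed or mistyped word is caught before a device is closed. The following Python script is an added example, not from the thread and not part of NXP's CST: it unpacks the 32-byte fuse file as eight little-endian 32-bit words (the same reading hexdump's /4 "%X" format gives on a little-endian host), parses U-Boot's fuse read lines, and reports any SRK_HASH word that differs or is missing. The word-to-fuse mapping (bank 6 words 0-3, then bank 7 words 0-3) is the one visible in the fuse dump posted earlier in this thread. The fuse file here is constructed from the values in that dump so that the two agree; a real file comes out of CST.

```python
"""Compare an SRK hash fuse file with the SRK_HASH fuses read by U-Boot (added example)."""
import re
import struct
from typing import Dict, List, Optional, Tuple

_FUSE_LINE = re.compile(r"Reading bank (\d+): Word 0x([0-9a-fA-F]+): ([0-9a-fA-F]{8})")

# OCOTP location of SRK_HASH as shown in the thread: bank 6 words 0-3, then bank 7 words 0-3
SRK_HASH_FUSES = [(6, w) for w in range(4)] + [(7, w) for w in range(4)]


def srk_fuse_words(fuse_bin: bytes) -> List[int]:
    """The eight 32-bit words of SRK_1_2_3_4_fuse.bin, little-endian as hexdump prints them."""
    if len(fuse_bin) != 32:
        raise ValueError(f"expected a 32-byte SRK fuse file, got {len(fuse_bin)} bytes")
    return list(struct.unpack("<8I", fuse_bin))


def parse_fuse_dump(log: str) -> Dict[Tuple[int, int], int]:
    """Map (bank, word) -> value from U-Boot 'fuse read' output lines."""
    return {(int(b), int(w, 16)): int(v, 16) for b, w, v in _FUSE_LINE.findall(log)}


def compare_srk_hash(fuse_bin: bytes, log: str) -> List[Tuple[int, int, int, Optional[int]]]:
    """(bank, word, expected, actual) for every SRK_HASH fuse that differs or was not read."""
    expected = srk_fuse_words(fuse_bin)
    fused = parse_fuse_dump(log)
    return [(bank, word, exp, fused.get((bank, word)))
            for (bank, word), exp in zip(SRK_HASH_FUSES, expected)
            if fused.get((bank, word)) != exp]


# Constructed sample: the fuse read output posted in this thread.
FUSE_DUMP = """\
u-boot=> fuse read 6 0
Reading bank 6: Word 0x00000000: adda8b8a
u-boot=> fuse read 6 1
Reading bank 6: Word 0x00000001: 3bbf6cfe
u-boot=> fuse read 6 2
Reading bank 6: Word 0x00000002: 69d96f10
u-boot=> fuse read 6 3
Reading bank 6: Word 0x00000003: 90dd2a87
u-boot=> fuse read 7 0
Reading bank 7: Word 0x00000000: eb00cc86
u-boot=> fuse read 7 1
Reading bank 7: Word 0x00000001: 3053b038
u-boot=> fuse read 7 2
Reading bank 7: Word 0x00000002: 7d669ee3
u-boot=> fuse read 7 3
Reading bank 7: Word 0x00000003: d140b92a
"""

# Constructed so that it matches the dump above; a real SRK_1_2_3_4_fuse.bin comes from CST.
FUSE_BIN = struct.pack("<8I", 0xADDA8B8A, 0x3BBF6CFE, 0x69D96F10, 0x90DD2A87,
                       0xEB00CC86, 0x3053B038, 0x7D669EE3, 0xD140B92A)

if __name__ == "__main__":
    diffs = compare_srk_hash(FUSE_BIN, FUSE_DUMP)
    if not diffs:
        print("SRK_HASH fuses match SRK_1_2_3_4_fuse.bin")
    for bank, word, exp, act in diffs:
        shown = "not read" if act is None else f"0x{act:08x}"
        print(f"bank {bank} word {word}: expected 0x{exp:08x}, fused {shown}")
```

Run it against a fuse read transcript captured from the open device before programming the closed one: a mismatch here explains a silent hang after "Authenticate image from DDR location" far more cheaply than re-signing, because on a closed device HAB never reaches the U-Boot prompt to show events.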

Harvey021
NXP TechSupport

Hi @starlabsstas 

Please share these files with us: images (signed and unsigned), the CSF files for SPL and FIT, and the IVT information. Also, which version of the BSP are you using?

Best regards

Harvey

starlabsstas
Contributor I

Is there anything more I can do to help you help me?


starlabsstas
Contributor I

Hi,

thanks for answering. I can gladly provide all necessary files. These are dev builds and all key material is ephemeral.

We use Yocto dunfell. For u-boot we use v2019.04 with patches from our vendor.

I attached:
- unsigned flash.bin
- signed flash.bin
- ivt of spl
- ivt of fit
- csf of spl
- csf of fit

Please let me know if I can assist more.

Thanks in advance for your help!

Harvey021
NXP TechSupport

Hi 

Here is a secure boot reference document for i.MX8MP (similar to i.MX8MM); it lists key points about signing SPL & FIT. You can check these points against your previous steps.

One suggestion: you can sign just the SPL first; if the SPL verifies successfully, then sign the FIT.

And can you share the full log of mkimage 'flash.bin' (including the full log of mkimage print_fit_hab; note that part of the information is missing from your post), and the corresponding SPL/FIT CSF files (plain text)?

Then we can be clearer about your signing process.

Best regards

Harvey


starlabsstas
Contributor I

Hey, thanks for taking your time to reply.

Despite not knowing about the document before, I did exactly as described in the document based on the information that is available in the u-boot documentation.

As I described in my initial post, signing and verifying SPL works. Signing FIT is what seems to be the culprit.

For clarification, kuk-trizeps8.dtb and kuk-trizeps8mini.dtb are the same file in my setup.

The output of print_fit_hab.sh is:

$ TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 kuk-trizeps8mini.dtb
0x40200000 0x5AC00 0xC4E08
0x402C4E08 0x11FA08 0x82FB
0x920000 0x127D04 0xB160
0xBE000000 0x132E64 0x3E228

The run of mkimage flash.bin produces the following output:

NOTE: building iMX8MM -  flash_trizeps8
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 45408
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh kuk-trizeps8.dtb > u-boot-trizeps8.its
bl31.bin size:
45408
Building with TEE support, make sure your bl31 is compiled with spd. If you do not want tee, please delete tee.bin
tee.bin size:
254504
Building with encrypted boot support, make sure to replace DEK Blob in final image.
u-boot-nodtb.bin size:
806408
kuk-trizeps8.dtb size:
33531
./mkimage_uboot -E -p 0x3000 -f u-boot-trizeps8.its u-boot-trizeps8.itb
u-boot-trizeps8.its:7.11-14.5: Warning (unit_address_vs_reg): /images/uboot@1: node has a unit name, but no reg property
u-boot-trizeps8.its:15.9-20.5: Warning (unit_address_vs_reg): /images/fdt@1: node has a unit name, but no reg property
u-boot-trizeps8.its:21.9-29.5: Warning (unit_address_vs_reg): /images/atf@1: node has a unit name, but no reg property
u-boot-trizeps8.its:30.9-38.5: Warning (unit_address_vs_reg): /images/tee@1: node has a unit name, but no reg property
u-boot-trizeps8.its:39.14-45.5: Warning (unit_address_vs_reg): /images/dek_blob@1: node has a unit name, but no reg property
u-boot-trizeps8.its:50.12-55.5: Warning (unit_address_vs_reg): /configurations/config@1: node has a unit name, but no reg property
FIT description: Configuration to load ATF before U-Boot
Created:         Sun Sep  4 17:51:40 2022
 Image 0 (uboot@1)
  Description:  U-Boot (64-bit)
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Standalone Program
  Compression:  uncompressed
  Data Size:    806408 Bytes = 787.51 KiB = 0.77 MiB
  Architecture: AArch64
  Load Address: 0x40200000
  Entry Point:  unavailable
 Image 1 (fdt@1)
  Description:  kuk-trizeps8
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    33531 Bytes = 32.75 KiB = 0.03 MiB
  Architecture: Unknown Architecture
 Image 2 (atf@1)
  Description:  ARM Trusted Firmware
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    45408 Bytes = 44.34 KiB = 0.04 MiB
  Architecture: AArch64
  OS:           Unknown OS
  Load Address: 0x00920000
 Image 3 (tee@1)
  Description:  TEE firmware
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    254504 Bytes = 248.54 KiB = 0.24 MiB
  Architecture: AArch64
  OS:           Unknown OS
  Load Address: 0xbe000000
 Image 4 (dek_blob@1)
  Description:  dek_blob
  Created:      Sun Sep  4 17:51:40 2022
  Type:         Script
  Compression:  uncompressed
  Data Size:    96 Bytes = 0.09 KiB = 0.00 MiB
 Default Configuration: 'config@1'
 Configuration 0 (config@1)
  Description:  kuk-trizeps8
  Kernel:       unavailable
  Firmware:     uboot@1
  FDT:          fdt@1
  Loadables:    dek_blob@1
                atf@1
                tee@1
./mkimage_imx8 -fit -loader u-boot-spl-ddr.bin 0x7E1000 -second_loader u-boot-trizeps8.itb 0x40200000 0x60000 -out flash.bin
Platform:       i.MX8M (mScale)
Using FIT image
LOADER IMAGE:   u-boot-spl-ddr.bin start addr: 0x007e1000
SECOND LOADER IMAGE:    u-boot-trizeps8.itb start addr: 0x40200000 offset: 0x00060000
Output:         flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag:             0x0
header.length:          0x0
header.version:         0x0
entry:                  0x0
reserved1:              0x0
dcd_ptr:                0x0
boot_data_ptr:          0x0
self:                   0x0
csf:                    0x0
reserved2:              0x0
boot_data.start:        0x0
boot_data.size:         0x0
boot_data.plugin:       0x0
========= IVT HEADER [PLUGIN] =========
header.tag:             0x0
header.length:          0x0
header.version:         0x0
entry:                  0x0
reserved1:              0x0
dcd_ptr:                0x0
boot_data_ptr:          0x0
self:                   0x0
csf:                    0x0
reserved2:              0x0
boot_data.start:        0x0
boot_data.size:         0x0
boot_data.plugin:       0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag:             0xd1
header.length:          0x2000
header.version:         0x41
entry:                  0x7e1000
reserved1:              0x57c00
dcd_ptr:                0x0
boot_data_ptr:          0x7e0fe0
self:                   0x7e0fc0
csf:                    0x8187c0
reserved2:              0x0
boot_data.start:        0x7e0bc0
boot_data.size:         0x39c60
boot_data.plugin:       0x0
========= OFFSET dump =========
Loader IMAGE:
 header_image_off       0x0
 dcd_off                0x0
 image_off              0x40
 csf_off                0x37800
 spl hab block:         0x7e0fc0 0x0 0x37800

Second Loader IMAGE:
 sld_header_off         0x57c00
 sld_csf_off            0x58c20
 sld hab block:         0x401fcdc0 0x57c00 0x1020

For completion, here is my SPL CSF:

[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "${PREFIX}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "${PREFIX}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Authenticate Data]
    Verification index = 0
    Blocks = 0x7e0fc0 0x0 0x37800 "${PREFIX}/flash.bin"

And here is the full FIT CSF:

[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "${PREFIX}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
    Source index = 2

[Install NOCAK]
    File = "${PREFIX}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]
[Authenticate Data]
    Verification index = 0
    Blocks = 0x401fcdc0 0x57c00 0x1020 "${PREFIX}/flash.bin", \
0x40200000 0x5AC00 0xC4E08 "${PREFIX}/flash.bin", \
0x402C4E08 0x11FA08 0x82FB "${PREFIX}/flash.bin", \
0x920000 0x127D04 0xB160 "${PREFIX}/flash.bin", \
0xBE000000 0x132E64 0x3E228 "${PREFIX}/flash.bin"

As described in the initial post, this does produce invalid signature events. If I remove the last 4 lines (uboot, uboot-fdt, atf and optee), then there are no HAB events in the output, but the image fails to verify on a secure boot enabled device.