- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
HAB Secure Boot blocking
Hi,
I am integrating HABv4 Secure Boot on the imx8mm within yocto dunfell accordingly to u-boot's documentation under
doc/imx/habv4/guides/mx8m_secure_boot.txt
I am aware of the two components in flash.bin, the spl and the fit image containing uboot, optee, atf, etc.
As far as I understand, the spl gets verified automatically at start and the result of the check can be retrieved with
hab_status
To verify the fit image part of flash.bin, I patched uboot to give me the data that is needed to verify, i.e. start address, length and IVT offset. In my case, I could verify the fit image with:
u-boot=> hab_auth_img 0x401fcdc0 0x3020 0x1000
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
The CSF data that yields this for SPL is
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = CAAM
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
Source index = 2
[Install NOCAK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Authenticate Data]
Verification index = 0
Blocks = 0x7e0fc0 0x0 0x37800 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"
and for the fit image it is
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = CAAM
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
Source index = 2
[Install NOCAK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Authenticate Data]
Verification index = 0
Blocks = 0x401fcdc0 0x57c00 0x1020 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"
As you can see, I only verify the fit header in this scenario.
And here is my problem. When I enable secure mode, then the device hangs after
Authenticate image from DDR location 0x401fcdc0...
I assume the device is attempting to verify more than hab_img_auth is doing.
Although I do not get hab events with my set up, a secure mode device is not booting up.
My suspicion is that because not the whole fit image is signed, this is causing issues in secure mode.
So I attempted to sign the remainder of the fit image by extracting the necessary data (addresses offsets and lengths) from print_fit_hab.sh while using the values for TEE_LOAD_ADDR and ATF_LOAD_ADDR from the log of imx-boot:
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh kuk-trizeps8.dtb > u-boot-trizeps8.its
this yields the following CSF for the fit image
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = CAAM
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
Source index = 2
[Install NOCAK]
File = "{{PREFIX}}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Authenticate Data]
Verification index = 0
Blocks = 0x401fcdc0 0x57c00 0x1020 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x40200000 0x5AC00 0xC4E08 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x402C4E08 0x11FA08 0x82FB "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0x920000 0x127D04 0xB160 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin", \
0xBE000000 0x132E64 0x3E228 "{{PREFIX}}/imx-boot/1.0-r0/git/iMX8M/flash.bin"
When I boot this on a non secure boot board (with fuses set as in the example at the beginning), then the spl verifies but when I attempt to verify the fit image, I get:
u-boot=> hab_auth_img 0x401fcdc0 0x3020 0x1000
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x24 0x43 0x33 0x30 0xc0 0x1d
0x00 0x08 0x00 0x02 0x40 0x00 0x05 0x16
0x55 0x55 0x00 0x0f 0xbe 0x00 0x00 0x00
0x00 0x00 0x00 0x01 0x90 0x00 0x08 0x20
0x00 0x00 0x00 0x05
STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_CAAM (0x1D)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x3c 0x43 0x33 0x18 0xc0 0x00
0xca 0x00 0x34 0x00 0x00 0xc5 0x1d 0x00
0x00 0x00 0x09 0xe8 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
0x00 0x0c 0x4e 0x08 0x40 0x2c 0x4e 0x08
0x00 0x00 0x82 0xfb 0x00 0x92 0x00 0x00
0x00 0x00 0xb1 0x60 0xbe 0x00 0x00 0x00
0x00 0x03 0xe2 0x28
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
Parsing Event 4, I understand that this is telling me that the fit image at location
FIT description: Configuration to load ATF before U-Boot
Created: Sun Sep 4 17:51:40 2022
Image 0 (uboot@1)
Description: U-Boot (64-bit)
Created: Sun Sep 4 17:51:40 2022
Type: Standalone Program
Compression: uncompressed
Data Size: 806408 Bytes = 787.51 KiB = 0.77 MiB
Architecture: AArch64
Load Address: 0x40200000
Entry Point: unavailable
Image 1 (fdt@1)
Description: kuk-trizeps8
Created: Sun Sep 4 17:51:40 2022
Type: Flat Device Tree
Compression: uncompressed
Data Size: 33531 Bytes = 32.75 KiB = 0.03 MiB
Architecture: Unknown Architecture
Image 2 (atf@1)
Description: ARM Trusted Firmware
Created: Sun Sep 4 17:51:40 2022
Type: Firmware
Compression: uncompressed
Data Size: 45408 Bytes = 44.34 KiB = 0.04 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0x00920000
Image 3 (tee@1)
Description: TEE firmware
Created: Sun Sep 4 17:51:40 2022
Type: Firmware
Compression: uncompressed
Data Size: 254504 Bytes = 248.54 KiB = 0.24 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0xbe000000
Image 4 (dek_blob@1)
Description: dek_blob
Created: Sun Sep 4 17:51:40 2022
Type: Script
Compression: uncompressed
Data Size: 96 Bytes = 0.09 KiB = 0.00 MiB
Default Configuration: 'config@1'
Configuration 0 (config@1)
Description: kuk-trizeps8
Kernel: unavailable
Firmware: uboot@1
FDT: fdt@1
Loadables: dek_blob@1
atf@1
tee@1
The problem was that the fast boot option does not seem to have worked. I have redone everything with CSF and IMG certificates and then it worked.
Thanks!
Hi
I tried imx8mm secure boot with your SPL & FIT csf file with specified block setting in my imx8mm evk board.
Secure boot can work well on my side.
Attachment is my csf files (modified from your log), you can take as a reference.
In your case, if there are multi-lines in FIT csf Blocks, I think you can't authenticate FIT image by "hab_auth_img" command which requires a continuous memory to be authenticated, but CSF data is in the middle of FIT image that is not signed.
hab_auth_img 0x401fcdc0 0x3020 0x1000
Here is some suggestions to try,
1. Try to secure boot an imx8mm in open device
2. Sign SPL part in flash.bin first, then check hab_status at u-boot prompt.
3. Sign FIT part in flash.bin, check hab_status at u-boot prompt.
Best regards
Harvey
Hi,
according to
i.MX8MP Secure boot.pdf
that you linked in your previous post, the Fit CSF needs to be in the middle of flash.bin file. According to the authentication instructions, the artefacts that are authenticated are in consecutive memory.
Regarding your suggestions:
1. Try to secure boot an imx8mm in open device
I have 2 devices with the same fuses set except one is in secure mode and the other one is in open mode. uboot is installed on an SD card so I can exchange the content very easy.
Sign SPL part in flash.bin first, then check hab_status at u-boot prompt.
Simply signing the SPL part and running hab_status does not give any events. However, the device does not boot on the secure mode device.
Sign FIT part in flash.bin, check hab_status at u-boot prompt.
When I sign the FIT part, reboot and run hab_status, there are no events, however, when I force the check with
hab_auth_img 0x401fcdc0 0x3020 0x1000Then I get the events as described above.
When I try to boot this uboot on a closed secure mode device it gets stuck after SPL. Indicating that authentication failed.
My SPL and FIT CSF files are identical to yours. It does not boot up.
I am pretty lost here and require further assistance. Is there a possibility to get a paid remote session with assistance?
Hi,
- It seems there is no hab event for authenticate SPL/FIT image in open device, right?
- "hab_auth_img" can't be used to authenticate FIT image if there are multi-line blocks in FIT csf file.
- Double check fuse hash programmed in closed device
Usage:- fuse read 6 4
- fuse read 7 4
- Can you share how you close the device?
- Can you provide boot log in closed device?
Best regards
Harvey
Let me answer your questions:
1. It seems there is no hab event for authenticate SPL/FIT image in open device, right?
Correct. If I boot up the open device and issue hab_status, there are no events
u-boot=> hab_status
Secure boot disabled
HAB Configuration: 0xf0,
HAB State: 0x66
No HAB Events Found!I cannot do this on the closed device as it does not boot far enough for me to enter uboot cli.
2. "hab_auth_img" can't be used to authenticate FIT image if there are multi-line blocks in FIT csf file.
OK, thanks for the info.
3. Double check fuse hash programmed in closed device
On the closed device I cannot boot into uboot cli. I am very certain, that the fuses are set the same way they are on the open device:
u-boot=> fuse read 6 0
Reading bank 6: Word 0x00000000: adda8b8a
u-boot=> fuse read 6 1
Reading bank 6: Word 0x00000001: 3bbf6cfe
u-boot=> fuse read 6 2
Reading bank 6: Word 0x00000002: 69d96f10
u-boot=> fuse read 6 3
Reading bank 6: Word 0x00000003: 90dd2a87
u-boot=> fuse read 7 0
Reading bank 7: Word 0x00000000: eb00cc86
u-boot=> fuse read 7 1
Reading bank 7: Word 0x00000001: 3053b038
u-boot=> fuse read 7 2
Reading bank 7: Word 0x00000002: 7d669ee3
u-boot=> fuse read 7 3
Reading bank 7: Word 0x00000003: d140b92a
4. Can you share how you close the device?
I followed the documentation in mx8m_secure_boot.txt and did:
fuse prog 1 3 0x2000000I wanted to do the remainder of the recommended fuses once I can verify that secure mode works.
5. Can you provide boot log in closed device?
The closed device gets stuck at the shown point.
U-Boot SPL 2019.04-kuk_imx_v2019.04_5.4.3_2.0.0+gb770149574 (Sep 20 2021 - 08:39:56 +0000)
Choose dram_timing_v1r2_2GB_K4F6E3S4HM
DDRINFO: start DRAM init
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
Normal Boot
Trying to boot from MMC1
Authenticate image from DDR location 0x401fcdc0...
I am really looking for consultation here. Any help is appreciated. Can we arrange a call?
Two more aspects as below might be helpful for you.
- To dump the SRK hash fuse values in host machine:
hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin
and then compare it with the fused hash in SoC.
- To your close device, check ROM log and HAB event by reference to these two documents, which can help for further troubleshooting.(HAB Persistent memory in various MPU and MCU chips... - NXP Community) (https://www.nxp.com/webapp/Download?colCode=AN12853)
- For professional engineering services, you can request a quote at (Professional Engineering Services | NXP Semiconductors)
Best regards
Harvey
Please share these files for us. images, which include with signed and without signed, and files, which include csf spl and csf fit. and information for ivt. Also which version of bsp you are using?
Best regards
Harvey
Is there any more that I can do to help you helping me?
Hi,
thanks for answering. I can gladly provide all necessary files. These are dev builds and all key material is ephemeral.
We use Yocto dunfell. For u-boot we use v2019.04 with patches from our vendor.
I attached
- unsigned flash.bin
- signed flash.bin
- ivt of spl
- ivt of fit
- csf of spl
- csf of fit
Please let me know if I can assist more.
Thanks in advance for your help!
Hi
Here is a secure boot reference document on i.mx8mp(be similar with i.mx8mm), it lists key points about sign SPL & FIT. You can check these points compared with your previous steps.
One suggestion is, you can just sign SPL first, if SPL verify successful, then sign FIT.
And can you share the full log of mkimake 'flash.bin' (including full log of mkimake print_fit_hab, note there are part of information missed on your post), and its corresponding spl/fit csf files(plain text)?
Then We can be more clear about your sign process.
Best regards
Harvey
Hey, thanks for taking your time to reply.
Despite not knowing about the document before, I did exactly as described in the document based on the information that is available in the u-boot documentation.
As I described in my initial post, signing and verifying SPL works. Signing FIT is what seems to be the culprit.
For clarification kuk-trizeps8.dtb and kuk-trizeps8mini.dtb are the same file in my setup.
The output of print_fit_hab.sh is:
> $ TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 kuk-trizeps8mini.dtb
0x40200000 0x5AC00 0xC4E08
0x402C4E08 0x11FA08 0x82FB
0x920000 0x127D04 0xB160
0xBE000000 0x132E64 0x3E228
The run of mkimage flash.bin produces the following output:
NOTE: building iMX8MM - flash_trizeps8
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 45408
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh kuk-trizeps8.dtb > u-boot-trizeps8.its
bl31.bin size:
45408
Building with TEE support, make sure your bl31 is compiled with spd. If you do not want tee, please delete tee.bin
tee.bin size:
254504
Building with encrypted boot support, make sure to replace DEK Blob in final image.
u-boot-nodtb.bin size:
806408
kuk-trizeps8.dtb size:
33531
./mkimage_uboot -E -p 0x3000 -f u-boot-trizeps8.its u-boot-trizeps8.itb
u-boot-trizeps8.its:7.11-14.5: Warning (unit_address_vs_reg): /images/uboot@1: node has a unit name, but no reg property
u-boot-trizeps8.its:15.9-20.5: Warning (unit_address_vs_reg): /images/fdt@1: node has a unit name, but no reg property
u-boot-trizeps8.its:21.9-29.5: Warning (unit_address_vs_reg): /images/atf@1: node has a unit name, but no reg property
u-boot-trizeps8.its:30.9-38.5: Warning (unit_address_vs_reg): /images/tee@1: node has a unit name, but no reg property
u-boot-trizeps8.its:39.14-45.5: Warning (unit_address_vs_reg): /images/dek_blob@1: node has a unit name, but no reg property
u-boot-trizeps8.its:50.12-55.5: Warning (unit_address_vs_reg): /configurations/config@1: node has a unit name, but no reg property
FIT description: Configuration to load ATF before U-Boot
Created: Sun Sep 4 17:51:40 2022
Image 0 (uboot@1)
Description: U-Boot (64-bit)
Created: Sun Sep 4 17:51:40 2022
Type: Standalone Program
Compression: uncompressed
Data Size: 806408 Bytes = 787.51 KiB = 0.77 MiB
Architecture: AArch64
Load Address: 0x40200000
Entry Point: unavailable
Image 1 (fdt@1)
Description: kuk-trizeps8
Created: Sun Sep 4 17:51:40 2022
Type: Flat Device Tree
Compression: uncompressed
Data Size: 33531 Bytes = 32.75 KiB = 0.03 MiB
Architecture: Unknown Architecture
Image 2 (atf@1)
Description: ARM Trusted Firmware
Created: Sun Sep 4 17:51:40 2022
Type: Firmware
Compression: uncompressed
Data Size: 45408 Bytes = 44.34 KiB = 0.04 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0x00920000
Image 3 (tee@1)
Description: TEE firmware
Created: Sun Sep 4 17:51:40 2022
Type: Firmware
Compression: uncompressed
Data Size: 254504 Bytes = 248.54 KiB = 0.24 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0xbe000000
Image 4 (dek_blob@1)
Description: dek_blob
Created: Sun Sep 4 17:51:40 2022
Type: Script
Compression: uncompressed
Data Size: 96 Bytes = 0.09 KiB = 0.00 MiB
Default Configuration: 'config@1'
Configuration 0 (config@1)
Description: kuk-trizeps8
Kernel: unavailable
Firmware: uboot@1
FDT: fdt@1
Loadables: dek_blob@1
atf@1
tee@1
./mkimage_imx8 -fit -loader u-boot-spl-ddr.bin 0x7E1000 -second_loader u-boot-trizeps8.itb 0x40200000 0x60000 -out flash.bin
Platform: i.MX8M (mScale)
Using FIT image
LOADER IMAGE: u-boot-spl-ddr.bin start addr: 0x007e1000
SECOND LOADER IMAGE: u-boot-trizeps8.itb start addr: 0x40200000 offset: 0x00060000
Output: flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 0xd1
header.length: 0x2000
header.version: 0x41
entry: 0x7e1000
reserved1: 0x57c00
dcd_ptr: 0x0
boot_data_ptr: 0x7e0fe0
self: 0x7e0fc0
csf: 0x8187c0
reserved2: 0x0
boot_data.start: 0x7e0bc0
boot_data.size: 0x39c60
boot_data.plugin: 0x0
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x37800
spl hab block: 0x7e0fc0 0x0 0x37800
Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020
For completion, here is my SPL CSF
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = CAAM
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "${PREFIX}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
Source index = 2
[Install NOCAK]
File = "${PREFIX}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Authenticate Data]
Verification index = 0
Blocks = 0x7e0fc0 0x0 0x37800 "${PREFIX}/flash.bin"
And here is the full FIT CSF:
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = CAAM
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "${PREFIX}/usr/share/cst/crts/SRK_1_2_3_4_table.bin"
Source index = 2
[Install NOCAK]
File = "${PREFIX}/usr/share/cst/crts/SRK3_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Authenticate Data]
Verification index = 0
Blocks = 0x401fcdc0 0x57c00 0x1020 "${PREFIX}/flash.bin", \
0x40200000 0x5AC00 0xC4E08 "${PREFIX}/flash.bin", \
0x402C4E08 0x11FA08 0x82FB "${PREFIX}/flash.bin", \
0x920000 0x127D04 0xB160 "${PREFIX}/flash.bin", \
0xBE000000 0x132E64 0x3E228 "${PREFIX}/flash.bin"
As described in the initial post, this does produce invalid signature events. If I remove the last 4 lines (uboot, uboot-fdt, atf and optee), then there are no HAB events in the output, but the image fails to verify on a secure boot enabled device.
