HAB authenticate image callback usage

DanielD · ‎12-03-2021

Hello,

I'm working on implementing Secure Boot on a Board based on the i.MX8M Mini. I tried to use the hab_rvt_authenticate_image() function which worked. Now I wanted to implement a callback function. The problem is that I don't understand when exactly the callback function is called. No matter if I write it as if it is called before or after authetication, I get an Invalid IVT Event, which isn't happening if I don't use the callback and copy manually.

With that said, my questions are:

1) When is the callback called, befor or after authentication?

2) Do I miss something about the intended usage?

Zhiming_Liu · ‎12-06-2021

Please see HAB4_API.pdf

Warnings:
• The loader callback function should lie within existing authenticated areas.
• It is the responsibility of the caller to check the initial image load addresses using hab_rvt.check_target() prior to loading the initial image and calling this function.
• After completion of hab_rvt.authenticate_image(), the caller should test using hab_rvt.assert() that the Boot Data was authenticated.
• After completion of hab_rvt.authenticate_image(), the caller should test using hab_rvt.assert() that the Boot Data was authenticated

DanielD · ‎12-07-2021

Hello, thanks for the answer.

I took care of the warnings you posted and tried to find the answer to my question in the HAB4_API.pdf. In the document it is stated that the callback function is called between the dcd and the csf. As far as I understood, that means that the callback function is called before authentication happens. Is that right?

HAB authenticate image callback usage

HAB authenticate image callback usage

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano