FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HAB enabled or not?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

HAB enabled or not?

Jump to solution
‎06-24-2014 03:55 AM
2,021 Views
jaiganesh
Contributor III

Hi all,

          I am working on HAB feature of imx6. I just want to know, how the ROM will know, if HAB is enabled or not? Will ROM check for  HW_OCOTP_CFG5 fuse or SRK fuses to check if HAB is enabled or not?

While testing, I have not fused both the above things (and by default, HAB is in open configuration), but enabled secure boot on u-boot (by defining CONFIG_SECURE_BOOT macro). When I tried booting the resultant u-boot.imx(without adding CSF data), some HAB events are printed on the console. I saw from the u-boot source code, that if "CONFIG_SECURE_BOOT" is defined, call "get_hab_status"  and so it prints the HAB events. My question, is the HAB check really performed or it just prints some spurious HAB events on the console since I have not fused either HW_OCOTP_CFG5 nor SRK fuses.

Labels (2)
Labels
Tags (3)
Reply
1 Solution

Jump to solution
‎06-24-2014 09:21 PM
1,418 Views
Yuri
NXP Employee
NXP Employee

  In some sense the HAB is always enabled, meaning that the boot ROM checks
the IVT, SRK, CSF before boot code executing. If SRK or CSF are not present (or illegal),
the boot code starts only in “Open” security configuration. Please refer to section 8.2.6
(Boot security settings) of the i.MX6 DQ Reference Manual (RM) about security configurations.
Also, for more details please use section 8.6.1.1 (Image Vector Table Structure) of the RM

and Figure 1 (Secure Boot Flow from Device) of app note AN4581 (Secure Boot on i.MX50,
i.MX53, and i.MX 6 Series using HABv4).

http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
‎06-24-2014 09:21 PM
1,419 Views
Yuri
NXP Employee
NXP Employee

  In some sense the HAB is always enabled, meaning that the boot ROM checks
the IVT, SRK, CSF before boot code executing. If SRK or CSF are not present (or illegal),
the boot code starts only in “Open” security configuration. Please refer to section 8.2.6
(Boot security settings) of the i.MX6 DQ Reference Manual (RM) about security configurations.
Also, for more details please use section 8.6.1.1 (Image Vector Table Structure) of the RM

and Figure 1 (Secure Boot Flow from Device) of app note AN4581 (Secure Boot on i.MX50,
i.MX53, and i.MX 6 Series using HABv4).

http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply