HAB errors with csf binaries built in Windows

amaha · ‎03-23-2022

I have an issue when using Windows to create the csf binaries using the CST tool for secure boot.

If I build the csf files in Linux, then the signed images behave as expected. The 'hab_status' and 'hab_auth_img' commands in u-boot return 'No HAB Events Found!'

However if I build the csf files in Windows, using exactly the same keys, images and configuration files, then the 'hab_status' and 'hab_auth_img' commands for the resulting signed images return errors.

I am currently using cst-3.3.1 and the processor is the i.MX8M Mini. The csf binaries are always inserted in the images in the Linux environment regardless of where those binaries were created, so I'm fairly sure that the issue is in the csf binaries themselves. I've attached an example CSF configuration file.

Is there a known issue with the CST tool in the Windows environment or is there some modification required for the csf configuration files to make the tool work?

amaha · ‎03-25-2022

Sorry for the noise ... I redid the signing process and the verification worked as expected for csf binaries built in either Windows or Linux.

Possibly, I still had an unsigned (or the wrong signed) boot image when I was testing a Windows derived FIT image. I hadn't realised that hab_auth_img will fail for a correctly signed FIT image if the boot image is not signed correctly. I had assumed that hab_auth_img only looked at the image loaded to the address passed in to the command, but it also does a call to get_hab_status and that was what was failing.

As an aside, the CST works with either Windows or Unix style paths in the csf configuration files

Zhiming_Liu · ‎03-24-2022

Can you check the log during you use csf.txt?

Mayebe you need change the file path like "..\crts\xxx.pem"

HAB errors with csf binaries built in Windows

HAB errors with csf binaries built in Windows

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano