I have a weird issue that I don't understand. I could successfully sign my images and activate HAB authentication last year. I signed the bootloader and additional images.
Recently, I have updated uboot-imx to the latest version and since then I am getting a HAB event. There are a few differences. The old bootloader was built with the Android toolchain and the new one with the Yocto toolchain. There are also differences in the defconfigs, but CONFIG_SECURE_BOOT=y is enabled in both, so it should be fine.
I just manually verified this behavior with the hab_auth_img command. There also is a HAB event when authenticating the bootloader, but the system still boots. Seems like this is a faulty HAB event, that doesnt have any consequences. Since I am checking the additional images in my bootscripts, I can now no longer process the hab_auth_img return value.
Old version: 2018.03
New version: 2021.04
HAB event from additional image
AB Configuration: 0xcc, HAB State: 0x99
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x43 0x33 0x30 0xee 0x1d
0x00 0x08 0x00 0x02 0x00 0x00 0x00 0x00
0x55 0x55 0x00 0x02 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x02 0x06
STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_EXIT (0xEE)
ENG = HAB_ENG_CAAM (0x1D)
