HAB event with latest uboot-imx 2021.04

jclsn
Contributor IV

I have a weird issue that I don't understand. I could successfully sign my images and activate HAB authentication last year. I signed the bootloader and additional images.

Recently, I have updated uboot-imx to the latest version and since then I am getting a HAB event. There are a few differences. The old bootloader was built with the Android toolchain and the new one with the Yocto toolchain. There are also differences in the defconfigs, but CONFIG_SECURE_BOOT=y is enabled in both, so it should be fine.

I just manually verified this behavior with the hab_auth_img command. There also is a HAB event when authenticating the bootloader, but the system still boots. Seems like this is a faulty HAB event that doesn't have any consequences. Since I am checking the additional images in my bootscripts, I can now no longer process the hab_auth_img return value.

Old version: 2018.03
New version: 2021.04

HAB event from additional image

AB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x24 0x43 0x33 0x30 0xee 0x1d
        0x00 0x08 0x00 0x02 0x00 0x00 0x00 0x00
        0x55 0x55 0x00 0x02 0x00 0x00 0x00 0x00
        0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
        0x00 0x00 0x02 0x06

STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_EXIT (0xEE)
ENG = HAB_ENG_CAAM (0x1D)

 

0 Kudos
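
For triaging a dump like the one in the post above, the following added example (not part of the thread and not NXP or U-Boot code) splits the console text into event records and decodes each header. The record layout it assumes (tag 0xdb, 16-bit big-endian length, one parameter byte, then STS/RSN/CTX/ENG) is read off the posted bytes and the fields printed beneath them; the names `split_events` and `decode_event` are hypothetical.

```python
import re

HAB_TAG_EVT = 0xDB  # tag byte that opens the event record in the posted dump
# Name tables hold only the codes printed in this thread plus the other two
# HAB status values; any other code is shown as raw hex, not guessed.
STATUS = {0x33: "HAB_FAILURE", 0x69: "HAB_WARNING", 0xF0: "HAB_SUCCESS"}
REASON = {0x30: "HAB_ENG_FAIL"}
CONTEXT = {0xEE: "HAB_CTX_EXIT"}
ENGINE = {0x1D: "HAB_ENG_CAAM"}

# Console text as pasted in the post above.
SAMPLE = """\
AB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x24 0x43 0x33 0x30 0xee 0x1d
        0x00 0x08 0x00 0x02 0x00 0x00 0x00 0x00
        0x55 0x55 0x00 0x02 0x00 0x00 0x00 0x00
        0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
        0x00 0x00 0x02 0x06

STS = HAB_FAILURE (0x33)
"""

def split_events(console_text):
    """Return the raw bytes of each 'HAB Event N' block in the console text."""
    events = []
    for block in re.split(r"-+ HAB Event \d+ -+", console_text)[1:]:
        data = block.split("event data:", 1)[-1]
        # Cut at the decoded summary so "(0x33)" is not read as event data.
        data = re.split(r"^\s*STS\s*=", data, maxsplit=1, flags=re.M)[0]
        events.append(bytes(int(h, 16) for h in re.findall(r"0x([0-9a-fA-F]{2})\b", data)))
    return events

def decode_event(raw):
    """Decode the assumed 8-byte header: tag, length, par, STS, RSN, CTX, ENG."""
    if len(raw) < 8 or raw[0] != HAB_TAG_EVT:
        raise ValueError("not a HAB event record")
    length = int.from_bytes(raw[1:3], "big")
    if length != len(raw):  # catches a dump that was truncated when pasted
        raise ValueError(f"header length {length}, pasted {len(raw)} bytes")
    def name(table, code):
        return table.get(code, f"unknown (0x{code:02X})")
    return {"par": raw[3], "status": name(STATUS, raw[4]), "reason": name(REASON, raw[5]),
            "context": name(CONTEXT, raw[6]), "engine": name(ENGINE, raw[7]),
            "payload": raw[8:]}

if __name__ == "__main__":
    for i, ev in enumerate(split_events(SAMPLE), 1):
        print(i, decode_event(ev))
```

The length check confirms that the 36 bytes in the post are one complete record (header length 0x0024), so the decoded fields can be compared across the 2018.03 and 2021.04 builds without worrying about a partial paste.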
3 Replies

Harvey021
NXP TechSupport

Hi

Firstly, I recommend hanging in uboot's start.s and then using a debugger to read HAB memory. It might need to be analyzed in stages, to find where the issue is triggered.

 

Best regards

Harvey

0 Kudos

jclsn
Contributor IV

Yes, CONFIG_IMX_HAB=y is used for the new bootloader. My initial post was incorrect. The HAB event occurs nonetheless.

0 Kudos

Harvey021
NXP TechSupport

Hi @jclsn 

To enable secure boot support in U-Boot with the HAB feature in the new version (2021.04), the configuration in the defconfig is CONFIG_IMX_HAB=y, instead of CONFIG_SECURE_BOOT=y.

 

Best regards

Harvey

 

0 Kudos