FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HAB on iMX6

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HAB on iMX6

‎02-10-2015 09:51 PM
2,736 Views
saisuryanarayan
Contributor I

Hi freescale team,

Thanks for your support.Now i am not getting any hab events

when i run hab_status command in u-boot.Here i applied patches from

following links.

LINKS:

http://lists.denx.de/pipermail/u-boot/2014-September/189027.html

http://lists.denx.de/pipermail/u-boot/2014-June/181423.html

In those links there is command called hab_auth_img .Curretnly it was

giving *hab fuse not enabled *(since i didn't made SEC_CONFIG fuse as

closed).

For testing purpose i made return value of the function which checks

SEC_CONFIG *(this function checks SEC_CONFIG fuse and returns TRUE if it is

closed otherwise FALS function:is_hab_enabled)* fuse status as TRUE (made

return 1) .That time *hab_auth_img *command is dumping IVT,CSF ....and they

are looks fine and it is entering to *authenticate_image *function in ROM

and strucking at that point.

Is this function checks SEC_CONFIG fuse internally?

This failure is because of not making SEC_CONFIG as closed?

Can blow the fuses now?

Thank You

With Warm Regards,

Sai Suryanarayan S

*Cell : *+91 8867185975 | Skype : Suryanarayan sarabu

0 Kudos
Reply
1 Reply

‎02-11-2015 12:21 AM
1,590 Views
Yuri
NXP Employee
NXP Employee

  The SEC_CONFIG  fuse is used (by boot ROM) to prevent execution of unauthorized
bootloader software. Only in Open configuration it is enable to run unsigned
bootloader : the ROM/HAB performs image authentication, but all authentication

errors are ignored and the image is still allowed to execute.

  Note : It is not recommended to program the SEC_CONFIG fuse to Close mode
except you have verified all the HAB function.

  From

Mx6 HAB (High Assurance Boot)

7 After verify all the HAB function, blow SEC_CONFIG fuse to close mode.

    $ echo 0x2 > /sys/fsl_otp/HW_OCOTP_CFG5


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply