- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- HABv4 on imx6solo
HABv4 on imx6solo
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chip: imx6solo rev1.3
uboot version: imx_v2018.03_4.14.78_1.0.0_ga
CST tools: CST3.2.0
Hi,
I follow the steps in file AN4581 to generate the keys and crts, and write the SRK hash to the Fuses, but didn't close the chip. Then switch my board BOOT_MODE[1:0] to 00 which means boot from Fuses.
and use the script in AN4581 "Appendix F. i.MX manufacturing tool", the script is attached. But the device cannot boot up and no log in UART.
Then I switch the BOOT_MODE[1:0] to 10, and enter u-boot command line, get the hab_status as below:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c
0x00 0x00 0x02 0x38STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
0x00 0x00 0x00 0x04STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
Could some one help check what it means?
Further more, Does it need to pad 0xFF to the u-boot before/after calling cst tools?
objcopy -I binary -O binary --pad-to 0xXXXX --gap-fill=0xff ${PROG_NAME}.imx ${PROG_NAME}_padded.imx
objcopy -I binary -O binary --pad-to 0xXXXX --gap-fill=0xff ${PROG_NAME}_tmp.bin ${PROG_NAME}_signed.bin
Which files need to use in CSF files?
Blocks = 0x177ff400 0x00000000 0x000AF000 "u-boot_padded.imx"
or
Blocks = 0x177ff400 0x00000000 0x000AEC00 "u-boot.imx"
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is solved now, mark here:
No need add DCD in CSF file, I don't know why my mfgtools don't need this, but after remove all DCD block from my CSF file, and add kernel CSF, and close the device, all runs well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is solved now, mark here:
No need add DCD in CSF file, I don't know why my mfgtools don't need this, but after remove all DCD block from my CSF file, and add kernel CSF, and close the device, all runs well.
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
my script of signing as below
#!/bin/bash
PROG_NAME=u-boot
objcopy -I binary -O binary --pad-to 0xaec00 --gap-fill=0xff ${PROG_NAME}.imx ${PROG_NAME}_padded.imx
./mod_4_mfgtool.sh clear_dcd_addr ${PROG_NAME}_padded.imx
../linux64/bin/cst --o ${PROG_NAME}_csf.bin --i ${PROG_NAME}.csf
objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0xff ${PROG_NAME}_csf.bin ${PROG_NAME}_csf_pad.bin
./mod_4_mfgtool.sh set_dcd_addr ${PROG_NAME}_padded.imx
cat ${PROG_NAME}_padded.imx ${PROG_NAME}_csf_pad.bin > ${PROG_NAME}_signed.bin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HAB has no event when
Blocks = 0x177ff400 0x00000000 0x000aec00 "./u-boot.imx"
but has lot of HAB event when
Blocks = 0x177ff400 0x00000000 0x000aec00 "./u-boot.imx", \
0x00910000 0x0000002c 0x00000238 "./u-boot.imx"
I use MfgTools to download the u-boot to NAND, should I use the second one?
Should I clear the DCD address before signing? and add the DCD address back after signing?
Jane
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Yuri,
I am looked up many your replies about HAB, it seems I move one step forward, but meet a new problem.
my CONFIG_CSF_SIZE is 0x4000, I try to pad the CSF to 0x4000, then the device could boot up when BOOT_MODE[1:0] =10,
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
But still cannot boot when BOOT_MODE[1:0] =00.
What problem it might be?
Jane
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Is it possible to boot unsigned system when BOOT_MODE[1:0]=00?
Perhaps some fuses are incorrect for Your boot configuration?
Regards,
Yuri.
