帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How can I boot the Linux kernel with U-Boot when HAB is enabled?

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

How can I boot the Linux kernel with U-Boot when HAB is enabled?

跳至解决方案
‎03-31-2025 02:00 AM
1,088 次查看
spthx
Contributor II

I am using the i.MX8M Nano.
I have read the uboot-imx documentation and other related materials, and I am now able to boot U-Boot with secure boot and encrypted boot enabled.

Now, I am trying to manually load a pre-built kernel and DTB and boot using the booti command. However, I encountered the following error:

I suspect that the error is due to the kernel image not being signed.

u-boot=> fatload mmc 2:1 ${loadaddr} Image
28013056 bytes read in 144 ms (185.5 MiB/s)
u-boot=> fatload mmc 2:1 ${fdt_addr} imx8mn-ddr3l-evk.dtb
40155 bytes read in 9 ms (4.3 MiB/s)
u-boot=> booti ${loadaddr} - ${fdt_addr}

Authenticate image from DDR location 0x40400000...
bad magic magic=0xff length=0xffff version=0xff
bad length magic=0xff length=0xffff version=0xff
Bad version magic=0xff length=0xffff version=0xff
Error: Invalid IVT structure
Authenticate Image Fail, Please check


How can I boot the Linux kernel with U-Boot when HAB is enabled?
If signing is required, how should I sign the kernel?

Additionally, the method described in the earlier guide seems to assume a standalone environment.
How can I generate an HAB-compatible image within Yocto?

Best regards.

0 项奖励
回复
1 解答

跳至解决方案
‎03-31-2025 07:57 PM
1,058 次查看
Harvey021
NXP TechSupport
NXP TechSupport

Please have a reference to the <3. Authenticating additional boot images> of mx8m_secure_boot.txt for kernel signing.

About How can I generate an HAB-compatible image within Yocto?

-> Please have a reference to <10.9 Security reference design> of IMX_LINUX_USERS_GUIDE.pdf 

 

Regards

Harvey

 

在原帖中查看解决方案

0 项奖励
回复
3 回复数

跳至解决方案
‎03-31-2025 07:57 PM
1,059 次查看
Harvey021
NXP TechSupport
NXP TechSupport

Please have a reference to the <3. Authenticating additional boot images> of mx8m_secure_boot.txt for kernel signing.

About How can I generate an HAB-compatible image within Yocto?

-> Please have a reference to <10.9 Security reference design> of IMX_LINUX_USERS_GUIDE.pdf 

 

Regards

Harvey

 

0 项奖励
回复

跳至解决方案
‎04-01-2025 12:53 AM
1,036 次查看
spthx
Contributor II

Hi @Harvey021,

Thanks for your help.
HAB authentication passes now, but I get a kernel panic.
Do you know what might be causing this?

Best Regards,

uboot.log
0 项奖励
回复

跳至解决方案
‎04-01-2025 05:46 PM
1,010 次查看
spthx
Contributor II
Resolved.
The reason was that bootargs was not configured.
回复
%3CLINGO-SUB%20id%3D%22lingo-sub-2070990%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%E5%BD%93%E5%90%AF%E7%94%A8%20HAB%20%E6%97%B6%EF%BC%8C%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8%20U-Boot%20%E5%90%AF%E5%8A%A8%20Linux%20%E5%86%85%E6%A0%B8%EF%BC%9F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2070990%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E6%88%91%E6%AD%A3%E5%9C%A8%E4%BD%BF%E7%94%A8%20i.MX8M%20Nano%E3%80%82%3CBR%20%2F%3E%E6%88%91%E5%B7%B2%E7%BB%8F%E9%98%85%E8%AF%BB%E4%BA%86%20uboot-imx%20%E6%96%87%E6%A1%A3%E5%92%8C%E5%85%B6%E4%BB%96%E7%9B%B8%E5%85%B3%E6%9D%90%E6%96%99%EF%BC%8C%E7%8E%B0%E5%9C%A8%E6%88%91%E8%83%BD%E5%A4%9F%E5%9C%A8%E5%90%AF%E7%94%A8%E5%AE%89%E5%85%A8%E5%90%AF%E5%8A%A8%E5%92%8C%E5%8A%A0%E5%AF%86%E5%90%AF%E5%8A%A8%E7%9A%84%E6%83%85%E5%86%B5%E4%B8%8B%E5%90%AF%E5%8A%A8%20U-Boot%E3%80%82%3C%2FP%3E%3CP%3E%E7%8E%B0%E5%9C%A8%EF%BC%8C%E6%88%91%E6%AD%A3%E5%9C%A8%E5%B0%9D%E8%AF%95%E6%89%8B%E5%8A%A8%E5%8A%A0%E8%BD%BD%E9%A2%84%E6%9E%84%E5%BB%BA%E7%9A%84%E5%86%85%E6%A0%B8%E5%92%8C%20DTB%20%E5%B9%B6%E4%BD%BF%E7%94%A8%20booti%20%E5%91%BD%E4%BB%A4%E5%90%AF%E5%8A%A8%E3%80%82%E4%BD%86%E6%98%AF%EF%BC%8C%E6%88%91%E9%81%87%E5%88%B0%E4%BA%86%E4%BB%A5%E4%B8%8B%E9%94%99%E8%AF%AF%EF%BC%9A%3C%2FP%3E%3CP%3E%E6%88%91%E6%80%80%E7%96%91%E8%AF%A5%E9%94%99%E8%AF%AF%E6%98%AF%E7%94%B1%E4%BA%8E%E5%86%85%E6%A0%B8%E6%98%A0%E5%83%8F%E6%9C%AA%E7%AD%BE%E5%90%8D%E9%80%A0%E6%88%90%E7%9A%84%E3%80%82%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%20translate%3D%22no%22%3Eu-boot%3D%26gt%3B%20fatload%20mmc%202%3A1%20%24%7Bloadaddr%7D%20Image%0A28013056%20bytes%20read%20in%20144%20ms%20(185.5%20MiB%2Fs)%0Au-boot%3D%26gt%3B%20fatload%20mmc%202%3A1%20%24%7Bfdt_addr%7D%20imx8mn-ddr3l-evk.dtb%0A40155%20bytes%20read%20in%209%20ms%20(4.3%20MiB%2Fs)%0Au-boot%3D%26gt%3B%20booti%20%24%7Bloadaddr%7D%20-%20%24%7Bfdt_addr%7D%0A%0AAuthenticate%20image%20from%20DDR%20location%200x40400000...%0Abad%20magic%20magic%3D0xff%20length%3D0xffff%20version%3D0xff%0Abad%20length%20magic%3D0xff%20length%3D0xffff%20version%3D0xff%0ABad%20version%20magic%3D0xff%20length%3D0xffff%20version%3D0xff%0AError%3A%20Invalid%20IVT%20structure%0AAuthenticate%20Image%20Fail%2C%20Please%20check%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%3CBR%20%2F%3E%E5%BD%93%E5%90%AF%E7%94%A8%20HAB%20%E6%97%B6%EF%BC%8C%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8%20U-Boot%20%E5%90%AF%E5%8A%A8%20Linux%20%E5%86%85%E6%A0%B8%EF%BC%9F%3CBR%20%2F%3E%E5%A6%82%E6%9E%9C%E9%9C%80%E8%A6%81%E7%AD%BE%E5%90%8D%EF%BC%8C%E6%88%91%E5%BA%94%E8%AF%A5%E5%A6%82%E4%BD%95%E5%AF%B9%E5%86%85%E6%A0%B8%E8%BF%9B%E8%A1%8C%E7%AD%BE%E5%90%8D%EF%BC%9F%3C%2FP%3E%3CP%3E%E6%AD%A4%E5%A4%96%EF%BC%8C%E6%97%A9%E6%9C%9F%E6%8C%87%E5%8D%97%E4%B8%AD%E6%8F%8F%E8%BF%B0%E7%9A%84%E6%96%B9%E6%B3%95%E4%BC%BC%E4%B9%8E%E5%81%87%E8%AE%BE%E4%BA%86%E4%B8%80%E4%B8%AA%E7%8B%AC%E7%AB%8B%E7%9A%84%E7%8E%AF%E5%A2%83%E3%80%82%3CBR%20%2F%3E%E5%A6%82%E4%BD%95%E5%9C%A8%20Yocto%20%E4%B8%AD%E7%94%9F%E6%88%90%E4%B8%8E%20HAB%20%E5%85%BC%E5%AE%B9%E7%9A%84%E5%9B%BE%E5%83%8F%EF%BC%9F%3C%2FP%3E%3CP%3E%E9%A1%BA%E7%A5%9D%E5%95%86%E7%A5%BA%EF%BC%81%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2072414%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%E5%9B%9E%E5%A4%8D%EF%BC%9A%E5%BD%93%E5%90%AF%E7%94%A8%20HAB%20%E6%97%B6%EF%BC%8C%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8%20U-Boot%20%E5%90%AF%E5%8A%A8%20Linux%20%E5%86%85%E6%A0%B8%EF%BC%9F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2072414%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%E5%B7%B2%E8%A7%A3%E5%86%B3%E3%80%82%3CBR%20%2F%3E%E5%8E%9F%E5%9B%A0%E6%98%AF%E6%B2%A1%E6%9C%89%E9%85%8D%E7%BD%AE%20bootargs%E3%80%82%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E