Hi NXP
I am using IMX8MP EVK Board , I want to enable Secure Boot on Android 14. Following is my steps:
1. cd cst-3.1.0/keys
2./hab4_pki_tree.sh
3. cd cst-3.1.0/crts
4. ../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c SRK1_sha256_2048_65537_v3_ca_crt.pem, SRK2_sha256_2048_65537_v3_ca_crt.pem, SRK3_sha256_2048_65537_v3_ca_crt.pem, SRK4_sha256_2048_65537_v3_ca_crt.pem
6. uboot cmd:
9. edit
csf_spl.txt, csf_fit.txt csf_fit_fdt.txt 10.
15. csf_fit.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x401fadc0 0x58000 0x1020 "u-boot-imx8mp-evk-uuu.imx", \
0x40200000 0x5D000 0x10A7E8 "u-boot-imx8mp-evk-uuu.imx", \
0x4030A7E8 0x1677E8 0x10788 "u-boot-imx8mp-evk-uuu.imx", \
0x970000 0x177F70 0xAA70 "u-boot-imx8mp-evk-uuu.imx"
16. csf_spl.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID, MFG
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x91ffc0 0x0 0x34000 "u-boot-imx8mp-evk-uuu.imx"
17.csf_fit_fdt.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x401fadc0 0x58000 0x3020 "u-boot-imx8mp-evk-uuu.imx"
Hi @liangyan
Will reply back to you in your other case
IMX8MP Android 14 secure boot HAB Failed - NXP Community
Regards
Harvey