How to enable secure boot for IMX8MM

Ben_Teng
Contributor I

Hello, 

Currently I'm working on enabling secure boot. Would anyone guide me and point out what steps I missed?

Here are my steps:

Step 1. download cst-3.3.1.tgz

Step 2. tar xvf cst-3.3.1.tgz && cd cst-3.3.1/keys

Step 3. cst-3.3.1/keys

$ echo "4242424E" > ser

$ echo "test" > key_pass.txt

$ echo "test" >> key_pass.txt

$ ./hab4_pki_tree.sh

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for Freescale's
High Assurance Boot. It generates a basic PKI tree. The PKI
tree consists of one or more Super Root Keys (SRK), with each
SRK having two subordinate keys:
+ a Command Sequence File (CSF) key
+ Image key.
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 2048
Enter PKI tree duration (years): 20
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y

 

Step 4. cd ../crts &&

../linux64/bin/srktool \
> -h 4 \
> -t SRK_1_2_3_4_table.bin \
> -e SRK_1_2_3_4_fuse.bin \
> -d sha256 \
> -c ./SRK1_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK2_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK3_sha256_2048_65537_v3_ca_crt.pem,\
> ./SRK4_sha256_2048_65537_v3_ca_crt.pem

 

Number of certificates = 4
SRK table binary filename = SRK_1_2_3_4_table.bin
SRK Fuse binary filename = SRK_1_2_3_4_fuse.bin
SRK Fuse binary dump:
SRK HASH[0] = 0xDA7CCBEB
SRK HASH[1] = 0xD7D9F573
SRK HASH[2] = 0x20DEBFD6
SRK HASH[3] = 0x0E4AAC11
SRK HASH[4] = 0xB0965A65
SRK HASH[5] = 0x1A89C7DA
SRK HASH[6] = 0x6D960E3F
SRK HASH[7] = 0xE080A6D8

 

Step 5. Set CONFIG_SECURE_BOOT=y in U-Boot, then rebuild it.

Step 6. 

$ cp imx-uboot/tools/mkimage ./imx-mkimage/iMX8M/mkimage_uboot
$ cp imx-uboot/arch/arm/dts/myb-imx8mm-base.dtb ./imx-mkimage/iMX8M/fsl-imx8mm-ddr4-evk.dtb
$ cp imx-uboot/spl/u-boot-spl.bin ./imx-mkimage/iMX8M/
$ cp imx-uboot/u-boot-nodtb.bin ./imx-mkimage/iMX8M/

# firmware-imx-8.7
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_dmem_1d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_dmem_2d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_imem_1d.bin ./imx-mkimage/iMX8M/
$ cp firmware-imx-8.7/firmware/ddr/synopsys/ddr4_imem_2d.bin ./imx-mkimage/iMX8M/

# imx8mm-atf
$ cp imx-atf/build/imx8mm/release/bl31.bin ./imx-mkimage/iMX8M/

$ cd imx-mkimage
$ make SOC=iMX8MM clean
$ make SOC=iMX8MM flash_ddr4_evk

 

========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2c600
spl hab block: 0x7e0fc0 0x0 0x2c600

Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020

 

$ make SOC=iMX8MM print_fit_hab_ddr
./../scripts/pad_image.sh bl31.bin
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 fsl-imx8mm-ddr4-evk.dtb
0x40200000 0x5AC00 0x9BDB0
0x4029BDB0 0xF69B0 0x83B0
0x920000 0xFED60 0xA160

Step 7.  Copy template from imx-uboot source code

$ cp ./myir-imx-uboot/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt cst-3.3.1

$ cp ./myir-imx-uboot/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt

 

Step 8. Modify Blocks in csf_spl.txt

Blocks = 0x7e0fc0 0x0 0x2c600 "flash.bin"

 

Step 9. Modify Blocks in csf_fit.txt

Blocks = 0x401fcdc0 0x57c00 0x1020 "flash.bin" \
                0x40200000 0x5AC00 0x9BDB0 "flash.bin" \
                0x4029BDB0 0xF69B0 0x83B0 "flash.bin" \
                0x920000 0xFED60 0xA160 "flash.bin"

 

Step 10. Sign flash.bin, then update U-Boot

$ ../linux64/bin/cst -i csf_spl.txt -o csf_spl.bin
Install SRK
Install CSFK
Authenticate CSF
Install key
Authenticate data
CSF Processed successfully and signed data available in csf_spl.bin
$ ../linux64/bin/cst -i csf_fit.txt -o csf_fit.bin
Install SRK
Install CSFK
Authenticate CSF
Install key
Authenticate data
CSF Processed successfully and signed data available in csf_fit.bin

$ cp flash.bin signed_flash.bin

dd if=csf_spl.bin of=signed_flash.bin seek=$((0x2c600)) bs=1 conv=notrunc
3912+0 records in
3912+0 records out
3912 bytes (3.9 kB, 3.8 KiB) copied, 0.00899194 s, 435 kB/s
$ dd if=csf_fit.bin of=signed_flash.bin seek=$((0x58c20)) bs=1 conv=notrunc
3928+0 records in
3928+0 records out
3928 bytes (3.9 kB, 3.8 KiB) copied, 0.00964808 s, 407 kB/s

 

$ dd if=/tmp/signed_flash.bin of=/dev/mmcblk1 bs=1k seek=33 && sync && reboot

 

Step 11. Check hab_status

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x68

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 7 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x58

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

 

Step 12. Program the fuses

u-boot=> fuse prog 6 0 0xDA7CCBEB
u-boot=> fuse prog 6 1 0xD7D9F573
u-boot=> fuse prog 6 2 0x20DEBFD6
u-boot=> fuse prog 6 3 0x0E4AAC11
u-boot=> fuse prog 7 0 0xB0965A65
u-boot=> fuse prog 7 1 0x1A89C7DA
u-boot=> fuse prog 7 2 0x6D960E3F
u-boot=> fuse prog 7 3 0xE080A6D8

 

u-boot=> fuse prog 0 0 0x200

u-boot=> fuse prog 1 3 0x8000000

u-boot=> fuse prog 1 3 0x200000

u-boot=> fuse prog 1 3 0xC00000

 

u-boot=> reset

 

After resetting, the iMX8MM cannot boot up. Could anyone help me clarify this?

I'm wondering what the correct way is, or which steps I missed or got wrong.
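
A way to read the `hab_status` dump in step 11 against the signed regions from step 6, as an added example that is not part of the original post or of NXP's tooling. It assumes the event record layout is tag 0xdb, 16-bit length, version, then STS/RSN/CTX/ENG, and that for HAB_INV_ASSERTION the remaining 12 bytes are type, address and size (big-endian); the two sample events are copied from the post.

```python
import re

# Reason/context codes as decoded by U-Boot in the hab_status output of the post.
REASON = {0x21: "HAB_INV_CERTIFICATE", 0x0C: "HAB_INV_ASSERTION"}
CONTEXT = {0xC0: "HAB_CTX_COMMAND", 0xA0: "HAB_CTX_ASSERT"}
# (name, load address, size) from the "hab block" lines of the step 6 offset dump.
REGIONS = [("spl hab block", 0x7E0FC0, 0x2C600),
           ("sld hab block", 0x401FCDC0, 0x1020)]

# Events 1 and 2 from the post, with blank lines dropped.
SAMPLE = """HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x68
STS = HAB_FAILURE (0x33)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
"""

def parse_events(text):
    """Return one bytes object per 'HAB Event' block in a hab_status dump."""
    events = []
    for chunk in re.split(r"-+ HAB Event \d+ -+", text)[1:]:
        raw = chunk.split("STS", 1)[0]  # skip the decoded "(0x33)" style values
        events.append(bytes(int(b, 16) for b in re.findall(r"0x([0-9a-fA-F]{2})\b", raw)))
    return events

def decode(ev):
    """Decode one event; for failed assertions, name the signed region it hits."""
    if ev[0] != 0xDB or int.from_bytes(ev[1:3], "big") != len(ev):
        raise ValueError("truncated or malformed HAB event record")
    out = {"reason": REASON.get(ev[5], hex(ev[5])),
           "context": CONTEXT.get(ev[6], hex(ev[6]))}
    if ev[5] == 0x0C and len(ev) >= 20:
        addr = int.from_bytes(ev[12:16], "big")  # assumed payload layout
        size = int.from_bytes(ev[16:20], "big")
        out.update(addr=addr, size=size, region=next(
            (n for n, base, sz in REGIONS if base <= addr and addr + size <= base + sz), None))
    return out

if __name__ == "__main__":
    for n, ev in enumerate(parse_events(SAMPLE), 1):
        print(n, decode(ev))
```

A `region` of `None` would mean the asserted range lies outside every block listed in the two CSF files.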

mason2036
Contributor I

Harvey:

 

If it is fused out of factory, it became read only. So note what to "DIR_BT_DIS".

What do we need to note about a fuse which is fused out of factory?

Tell me, note what? Do not fuse again?

If we fuse the UUID, which is fused out of factory, what will happen? Tell me. I will be careful.

 

Yes, you can go ahead for Completely secure the device, just a note to "DIR_BT_DIS".

Normally this bit is already fused out of factory. You can read it before fuse.

More details, refer to 5.7 Securing the device of AN4581.

 

Ben_Teng
Contributor I

Hi @Harvey021 ,

I have a question about the output of the U-Boot command "hab_status".

I just read the document "mx8m_secure_boot.txt" a few minutes ago; it says that

"Prior to closing the device users should ensure no HAB events were found",

 

We should not get any HAB events when calling "hab_status" after programming the SRK hash, right?

In this case, the command output below means something is wrong, am I right?

 

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x68

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 7 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x58

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

 

Thank you for your patience.

 

Best Regards,

Ben

 

Ben_Teng
Contributor I

Hi @Harvey021 ,

 

I just followed the documentation. 

If you close device, have you compared SRK fuse with SRK table? 

-> Ah, no, I didn't compare the SRK fuse with the SRK table.

 

Are you using your own script (build_boot.sh) to build uboot? then have you tried an unsigned image which can be booted on a not-closed device?

-> Yes, I use my script to build U-Boot; in the end it generates flash.bin.

-> I can use flash.bin for good so far. 

 

I have a question here: can we boot up a device which has not been fused with a signed image?

The device can boot up, yet I'm not sure whether that makes sense or not.

 

Thanks

 

Best Regards,

Ben
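
The comparison asked about in this reply (SRK fuse values against what srktool generated), as an added example that is not code from the thread or from NXP. It assumes the fuse file holds eight little-endian 32-bit words in the order srktool prints them, and that U-Boot's `fuse read <bank> 0 4` prints `Reading bank N:` followed by `Word 0x...:` lines; `FUSE_BIN` stands in for SRK_1_2_3_4_fuse.bin and `READBACK` is constructed, with one word deliberately wrong.

```python
import re
import struct

# SRK hash words printed by srktool in step 4 of the first post.
SRKTOOL_DUMP = [0xDA7CCBEB, 0xD7D9F573, 0x20DEBFD6, 0x0E4AAC11,
                0xB0965A65, 0x1A89C7DA, 0x6D960E3F, 0xE080A6D8]
# Constructed stand-in for the 32-byte SRK_1_2_3_4_fuse.bin.
FUSE_BIN = struct.pack("<8I", *SRKTOOL_DUMP)

# Constructed console capture; the last word differs in one bit.
READBACK = """Reading bank 6:

Word 0x00000000: da7ccbeb d7d9f573 20debfd6 0e4aac11
Reading bank 7:

Word 0x00000000: b0965a65 1a89c7da 6d960e3f e080a6d9
"""

def expected_fuses(fuse_bin):
    """Map the SRK fuse file to {(bank, word): value}."""
    if len(fuse_bin) != 32:
        raise ValueError("a SHA-256 SRK fuse file must be exactly 32 bytes")
    words = struct.unpack("<8I", fuse_bin)  # assumption: little-endian words
    # Layout used in step 12: bank 6 words 0-3, then bank 7 words 0-3.
    return {(6 + i // 4, i % 4): w for i, w in enumerate(words)}

def parse_fuse_read(text):
    """Parse 'fuse read' console output into {(bank, word): value}."""
    got, bank = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Reading bank (\d+):", line)
        if m:
            bank = int(m.group(1))
            continue
        m = re.match(r"Word 0x([0-9a-fA-F]+):\s*(.*)", line)
        if m and bank is not None:
            start = int(m.group(1), 16)
            for i, value in enumerate(m.group(2).split()):
                got[(bank, start + i)] = int(value, 16)
    return got

def mismatches(fuse_bin, readback):
    """List ((bank, word), expected, read) for every word that differs or is missing."""
    exp, got = expected_fuses(fuse_bin), parse_fuse_read(readback)
    return sorted((k, exp[k], got.get(k)) for k in exp if got.get(k) != exp[k])

if __name__ == "__main__":
    for (bank, word), want, have in mismatches(FUSE_BIN, READBACK):
        print(f"bank {bank} word {word}: expected {want:#010x}, read {have:#010x}")
```

An empty result from `mismatches` is the condition to check before programming the fuses that close the device.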
