How to enable secure boot for IMX8MM

Hi @Harvey021 ,

Thanks for your reply!

Currently I'm using U-Boot 2019.04.

Is it alright? Thanks again!

Best Regards,

Ben

Hi 

Can you please share both your csf files? and would be better with your signed and unsigned images.

Best regards

Harvey

Hi @Harvey021 ,

Thanks for your reply!

Here's csf files and unsigned/signed images as attachment.

Thanks again!

Best Regards,

Ben

Hi @Ben_Teng 

Authenticate Data in your csf for fit should be matched as printed by print_fit_hab_ddr.

These mismatched lines marked with red as attached.

Best regards

Harvey

Hi @Harvey021 ,

Thanks for your reply!

Oops! Most likely I forgot to revise it.

In this case, do I have any chance to rescue it back? 

It cannot boot up due to my mistake.

Besides, would you please help me to check if my images and csf files correct or not when I rebuild it?

I would like to build it again.

Many thanks!

Best Regards, 

Ben

Hi 

You can retry to sign your boot image with correct csf files. It should be no problem, I don't see your fuse operation with error which will cause chip bricked if so. 

Best regards

Harvey

Hi @Harvey021 ,

Thanks for your reply!

The chip still bricked, let me attach csf & image I used currently again.

Is there anything wrong? 

$ build_boot.sh

include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
imx8qm clean done
include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
imx8qx clean done
Compiling mkimage_imx8
PLAT=imx8mm HDMI=no
Compiling mkimage_imx8
gcc -O2 -pipe -g -feliminate-unused-debug-types mkimage_imx8.c -o mkimage_imx8 -lz
24564+0 records in
24564+0 records out
98256 bytes (98 kB, 96 KiB) copied, 0.0506418 s, 1.9 MB/s
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 41312
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
u-boot-nodtb.bin + fsl-imx8mm-ddr4-evk.dtb are padded to 672096
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh fsl-imx8mm-ddr4-evk.dtb > u-boot-ddr4-evk.its
bl31.bin size:
41312
u-boot-nodtb.bin size:
638376
fsl-imx8mm-ddr4-evk.dtb size:
33720
./mkimage_uboot -E -p 0x3000 -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb
u-boot-ddr4-evk.its:7.11-14.5: Warning (unit_address_vs_reg): /images/uboot@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:15.9-20.5: Warning (unit_address_vs_reg): /images/fdt@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:21.9-29.5: Warning (unit_address_vs_reg): /images/atf@1: node has a unit name, but no reg property
u-boot-ddr4-evk.its:34.12-39.5: Warning (unit_address_vs_reg): /configurations/config@1: node has a unit name, but no reg property
FIT description: Configuration to load ATF before U-Boot
Created: Tue Jun 6 14:16:06 2023
Image 0 (uboot@1)
Description: U-Boot (64-bit)
Created: Tue Jun 6 14:16:06 2023
Type: Standalone Program
Compression: uncompressed
Data Size: 638376 Bytes = 623.41 KiB = 0.61 MiB
Architecture: AArch64
Load Address: 0x40200000
Entry Point: unavailable
Image 1 (fdt@1)
Description: fsl-imx8mm-ddr4-evk
Created: Tue Jun 6 14:16:06 2023
Type: Flat Device Tree
Compression: uncompressed
Data Size: 33720 Bytes = 32.93 KiB = 0.03 MiB
Architecture: Unknown Architecture
Image 2 (atf@1)
Description: ARM Trusted Firmware
Created: Tue Jun 6 14:16:06 2023
Type: Firmware
Compression: uncompressed
Data Size: 41312 Bytes = 40.34 KiB = 0.04 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0x00920000
Default Configuration: 'config@1'
Configuration 0 (config@1)
Description: fsl-imx8mm-ddr4-evk
Kernel: unavailable
Firmware: uboot@1
FDT: fdt@1
Loadables: atf@1
./mkimage_imx8 -version v1 -fit -loader u-boot-spl-ddr4.bin 0x7E1000 -second_loader u-boot-ddr4-evk.itb 0x40200000 0x60000 -out flash.bin
Platform: i.MX8M (mScale)
ROM VERSION: v1
Using FIT image
LOADER IMAGE: u-boot-spl-ddr4.bin start addr: 0x007e1000
SECOND LOADER IMAGE: u-boot-ddr4-evk.itb start addr: 0x40200000 offset: 0x00060000
Output: flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 0xd1
header.length: 0x2000
header.version: 0x41
entry: 0x7e1000
reserved1: 0x57c00
dcd_ptr: 0x0
boot_data_ptr: 0x7e0fe0
self: 0x7e0fc0
csf: 0x80d5c0
reserved2: 0x0
boot_data.start: 0x7e0bc0
boot_data.size: 0x2ea60
boot_data.plugin: 0x0
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2c600
spl hab block: 0x7e0fc0 0x0 0x2c600

Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020

imx-mkimage $ make SOC=iMX8MM print_fit_hab_ddr4
./../scripts/pad_image.sh bl31.bin
./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-ddr4-evk.dtb
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 fsl-imx8mm-ddr4-evk.dtb
0x40200000 0x5AC00 0x9BDA8
0x4029BDA8 0xF69A8 0x83B8
0x920000 0xFED60 0xA160

Thanks again!

Best Regards,

Ben

I use the tools in cst to parse the signed_flash.bin in secureboot_csf_image.zip and re-create the hash.

hexdump SRK_fuses.bin
0000000 cbeb da7c f573 d7d9 bfd6 20de ac11 0e4a
0000010 5a65 b096 c7da 1a89 0e3f 6d96 a6d8 e080

It is correct. 

The big problem is:

You didn't follow the document in uboot-imx\doc\imx\habv4\guides\mx8m_secure_boot.txt.

The only fuse to enable the security boot on 8MM is 

- Program SEC_CONFIG[1] fuse on i.MX8M family devices:

=> fuse prog 1 3 0x2000000

You didn't do that.

But you program the SRK_LOCK (fuse prog 0 0 0x200). 

It is not the i.MX8MM document.

But according to my i.MX6 experience. 

If the  SRK_LOCK is set, even the ROM security boot cannot read the srk table.

So, you board gets bricked for ever.

Hi @rudi_cyber ,

Thanks for your reply,

I'll read uboot-imx\doc\imx\habv4\guides\mx8m_secure_boot.txt closely.

According to your experience, could I just only program the fuse as below?

u-boot=> fuse prog 6 0 0xDA7CCBEB
u-boot=> fuse prog 6 1 0xD7D9F573
u-boot=> fuse prog 6 2 0x20DEBFD6
u-boot=> fuse prog 6 3 0x0E4AAC11
u-boot=> fuse prog 7 0 0xB0965A65
u-boot=> fuse prog 7 1 0x1A89C7DA
u-boot=> fuse prog 7 2 0x6D960E3F
u-boot=> fuse prog 7 3 0xE080A6D8

Thanks again!

Best Regards,

Ben

The srk table hash is correct.

I have check the your signed flash.bin and  extract the srk table from your singed flash.bin.

and re-generate the hash by tools in cst. It is correct. 

You device hasn't been closed, yet. Because you didn't burn the SEC_CONFIG[1] fuse(fuse prog 1 3 0x2000000).

You problem is you burn the the SRK_LOCK (fuse prog 0 0 0x200).

If you didn't burn the SRK_LOCK (fuse prog 0 0 0x200), you can try till no any HAB event.

Then you close the device by burn the SEC_CONFIG[1] fuse(fuse prog 1 3 0x2000000).

The document in uboot, didn't tell you 

u-boot=> fuse prog 0 0 0x200

u-boot=> fuse prog 1 3 0x8000000

                      u-boot=> fuse prog 1 3 0x200000   you didn't close the device.

(SEC_CONFIG[1] fuse(fuse prog 1 3 0x2000000).）

u-boot=> fuse prog 1 3 0xC00000

I

https://github.com/nxp-imx/uboot-imx/blob/lf_v2022.04/doc/imx/habv4/guides/mx8m_secure_boot.txt

Prior to closing the device users should ensure no HAB events were found, as
the example below:

- Verify HAB events:

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

attached the SRK_fuse.bin and SRKTable.bin extracted from your signed_flash.bin

hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_fuses.bin

0xDA7CCBEB

0xD7D9F573

0x20DEBFD6

0xE4AAC11

0xB0965A65

0x1A89C7DA

0x6D960E3F

0xE080A6D8

Hello, 

   You said you have extracted the srk table from your signed flash.bin and re-generated the hash by tools in cst. Can you tell me how did you do that? 

 I have hab events telling me I have invalid signature so I wanted to check if my flash.bin is correctly signed. 

Thank you. 

--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x34 0x45 0x33 0x18 0xc0 0x00
0xca 0x00 0x2c 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x54 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
0x00 0x0c 0x8a 0x00 0x40 0x2c 0x8a 0x00
0x00 0x00 0x7c 0x60 0x00 0x97 0x00 0x00
0x00 0x00 0xb1 0x50

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x34 0x45 0x33 0x18 0xc0 0x00
0xca 0x00 0x2c 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x54 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
0x00 0x0c 0x8a 0x00 0x40 0x2c 0x8a 0x00
0x00 0x00 0x7c 0x60 0x00 0x97 0x00 0x00
0x00 0x00 0xb1 0x50

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

Hi @gaurav_bankar ,

Please try hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin  so that you are able to retrieve the key you generated.

Hope it'll help you.

Ben.

Hi 

Can you tell more details about device bricked? 

Not sure what will happen when you do fuse 1 3 0x8000000, as I see this bit reserved.

If you close device, have you compared SRK fuse with SRK table? 

You can try to boot your signed image on a not-closed device.

Are you using your own script (build_boot.sh) to build uboot? then have you tried an unsigned image which can be booted on a not-closed device?

So far, I can't find problems from your csf and images.

Best regards

Harvey 

Hi @Harvey021 & @rudi_cyber,

I programed new fuse I re-generated couple of minutes ago, the chip is not bricked so far.

I checked hab_status Secure boot is still disabled, should I program these are shown as below for enable secure boot?

I'm not sure if it's fine to program these.

- Program SRK_LOCK:

=> fuse prog 0 0 0x200

- Program DIR_BT_DIS:

=> fuse prog 1 3 0x8000000

- Program SJC_DISABLE:

=> fuse prog 1 3 0x200000

- JTAG_SMODE:

=> fuse prog 1 3 0xC00000

Here's the log I programmed SRK_HASH. Then check hab_status.

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

u-boot=> fuse prog 6 0 0xF251CB62
Programming bank 6 word 0x00000000 to 0xf251cb62...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 6 1 0x7BF4EB5C
Programming bank 6 word 0x00000001 to 0x7bf4eb5c...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 6 2 0x02741273
Programming bank 6 word 0x00000002 to 0x02741273...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 6 3 0xD5EE1986
Programming bank 6 word 0x00000003 to 0xd5ee1986...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 7 0 0xF0CB6BB1
Programming bank 7 word 0x00000000 to 0xf0cb6bb1...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 7 1 0xE6E0D45E
Programming bank 7 word 0x00000001 to 0xe6e0d45e...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 7 2 0x6207D012
Programming bank 7 word 0x00000002 to 0x6207d012...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y
u-boot=> fuse prog 7 3 0x1A6EAA7E
Programming bank 7 word 0x00000003 to 0x1a6eaa7e...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!

Really perform this fuse programming? <y/N>
y

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

1. fuse prog 1 3 0x2000000 is enough to finish the HAB close the device. SEC_CONFIG[1] fuse

    You don't need to program others. 

The others are related to the device SOC level security not HAB. 

2.  - Program SJC_DISABLE:

   => fuse prog 1 3 0x200000

This  fuse has no related to the HAB security. Open device still can disable  jtag. (no need fuse prog 1 3 0x2000000 )

3. - JTAG_SMODE:

=> fuse prog 1 3 0xC00000

This  fuse has no related to the HAB security. Open device still can use security jtag, which is called challenge. In i.MX is using uuid.(no need  fuse prog 1 3 0x2000000 )

Besides, when you disable the jtag, you have no chance to access the jtag, jtag challenge also doesn't exist. 

So when you use  SJC_DISABLE, JTAG_SMODE, you don't need to program JTAG_SMODE.

Hi @mason2036 ,

Noted, Thank you so much, I'm really appreciate it.

I'm facing another issue as below, is it the problem about kernel image is not signed?

Authenticate image from DDR location 0x40480000...
bad magic magic=0x90 length=0x4ba version=0x0
bad length magic=0x90 length=0x4ba version=0x0
bad version magic=0x90 length=0x4ba version=0x0
Error: Invalid IVT structure

Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
Authenticate Image Fail, Please check

Thanks again!

Best Regard,

Ben

Hi 

To enable secure boot, as stated in (uboot-imx/doc/imx/habv4/guides/mx8m_secure_boot.txt at lf_v2022.04 · nxp-imx/uboot-imx · GitHub) you have to close device.

- Program SEC_CONFIG[1] fuse on i.MX8M family devices:

=> fuse prog 1 3 0x2000000

Yes, you can go ahead for Completely secure the device, just a note to "DIR_BT_DIS".

Normally this bit is already fused out of factory. You can read it before fuse.

More details, refer to 5.7 Securing the device of AN4581.

Best regards

Harvey

Hi @Harvey021 ,

Thank you so much for your reply!

1. As stated in AN4581, DIR_BT_DIS: Disable direct external memory boot.

-> I'm still not fully get it, would you please tell me much more detail?

What to note "DIR_BT_DIS"? I'm confused by "direct external memory boot" and "eMMC boot", would you please tell me more about it?

2. After I programmed SEC_CONFIG[1], I get an Error:Invalid IVT structure, shown as below, how can I fix it?

Authenticate image from DDR location 0x40480000...
bad magic magic=0x90 length=0x4ba version=0x0
bad length magic=0x90 length=0x4ba version=0x0
bad version magic=0x90 length=0x4ba version=0x0
Error: Invalid IVT structure

Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
Authenticate Image Fail, Please check

Hi 

As these questions are already different from originals. will answer back to you in a new case for which I already clone one. 

Best regards

Harvey