How to get HAB block address from FIT Image - i.MX 8M Mini

kanimozhi_t · ‎11-30-2020

Hi,

REF: How to get HAB Authenticate Data block address for i.MX 8M Mini

The fdtdump solution provided on referred question doesn't give all the required parameters in our trial. Usually we need the following parameters for signing/encryption of FIT image.

DEK_BLOB_LOAD_ADDR=0x40400000

========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2d800
spl hab block: 0x7e0fc0 0x0 0x2d800

Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020

TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 fsl-imx8mm-evk.dtb
0x40200000 0x5AC00 0xB3FD8
0x402B3FD8 0x10EBD8 0x8628
0x920000 0x117200 0xB160
0xBE000000 0x122360 0x5C000

It would be helpful if you could point out how we can get these addresses without imx-boot build log?

NOTE: Can we dump header as we do in i.MX 6UL (described in AN 4581) for the i.MX 8mm. If so could you share the header range and format?

Thanks in advance.

IvanRuiz · ‎12-04-2020

Hi,

We don't have an automated way to extract CSF information from the Yocto build.

Please build each project manually and follow the U-Boot docs: https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/guides/mx8m_secure_boot.txt?...

BR,

Ivan.

kanimozhi_t · ‎12-11-2020

Hi @IvanRuiz

Thanks for the reply, I wonder is there an encryption method that encrypts FIT as a whole without explicitly mentioning u-boot, ATF & OP-TEE (such as we do in SPL encryption)

Any inputs on this would be valuable.

Thanks in advance.