帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to sign flash_flexspi target of mk-image for iMX8QX rev C0?

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

How to sign flash_flexspi target of mk-image for iMX8QX rev C0?

跳至解决方案
‎07-16-2021 07:29 AM
1,903 次查看
MistX
Contributor III

Ok, I have signed "flash" (SD card or USB) target of "imx-mkimage" because that process well described in documentation, and it works - ahab_status prints no security events (OTG USB boot through UUU).

But I found that can`t sign "flash_flexspi" target of "imx-mkimage" using the same CSF (for "flash" target):

破坏者
[ERROR] CST: Offsets are not consistent with the input binary to be signed

But offset in CSF correct - they are from imx-mkimage output.

破坏者

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
# Output of srktool
File = "../SRK_1_2_3_4_table.bin"
# Public key certificate in PEM or DER format
Source = "../crts/SRK1_sha384_secp384r1_v3_ca_crt.der"
# Index of SRK in SRK table
Source index = 0
# Origin of SRK table
Source set = OEM
# Revoked SRKs
Revocations = 0x0

[Install Certificate]
# Public key certificate in PEM or DER format
File = "../crts/SGK1_1_sha384_secp384r1_v3_usr_crt.der"
Permissions = 0x1

[Authenticate Data]
# Output of mkimage
File = "flash.bin"
# Offsets = Container_header Signature_block (printed out by mkimage)
Offsets = 0x400 0x590

破坏者
Compiling mkimage_imx8
include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
./../mkimage_imx8 -soc QX -rev B0 -dev flexspi -append mx8qxc0-ahab-container.img -c -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -out flash.bin
SOC: QX
REVISION: B0
BOOT DEVICE: flexspi
New Container: 0
SCFW: scfw_tcm.bin
AP: u-boot-atf.bin core: a35 addr: 0x80000000
Output: flash.bin
CONTAINER FUSE VERSION: 0x00
CONTAINER SW VERSION: 0x0000
ivt_offset: 4096
rev: 2
Platform: i.MX8QXP B0
ivt_offset: 4096
container image offset (aligned):12000
flags: 0x10
Hash of the images = sha384
SCFW file_offset = 0x12000 size = 0x25000
Hash of the images = sha384
AP file_offset = 0x37000 size = 0xd3800
CST: CONTAINER 0 offset: 0x400
CST: CONTAINER 0: Signature Block: offset is at 0x590
DONE.
Note: Please copy image to offset: IVT_OFFSET + IMAGE_OFFSET
./../scripts/fspi_packer.sh ../scripts/fspi_header
F(Q)SPI IMAGE PACKED

How to sign "flash_flexspi" image for iMX8QXP C0?

标记 (1)
0 项奖励
回复
1 解答

跳至解决方案
‎07-20-2021 03:14 AM
1,882 次查看
BiyongSUN
NXP Employee
NXP Employee

BiyongSUN_0-1626776034418.png

 

4096

在原帖中查看解决方案

0 项奖励
回复
5 回复数

跳至解决方案
‎07-18-2021 09:08 PM
1,895 次查看
BiyongSUN
NXP Employee
NXP Employee

Please add spi header size 

0 项奖励
回复

跳至解决方案
‎07-19-2021 01:04 AM
1,892 次查看
MistX
Contributor III

You mean to add to CSF offsets the size of imx-mkimage/iMX8QX/imx-fspi-header.bin (1536 bytes) ?

So if I have CSF:

[Authenticate Data]
# Output of mkimage
File = "flash.bin"
# Offsets = Container_header Signature_block (printed out by mkimage)
Offsets = 0x400 0x590

I should change offsets to 0xA00 0xB90 respectively?

0 项奖励
回复

跳至解决方案
‎07-20-2021 03:14 AM
1,883 次查看
BiyongSUN
NXP Employee
NXP Employee

BiyongSUN_0-1626776034418.png

 

4096

0 项奖励
回复

跳至解决方案
‎07-20-2021 07:18 AM
1,877 次查看
MistX
Contributor III

GREAT THANKS, BiyongSUN!

0 项奖励
回复

跳至解决方案
‎10-20-2021 08:36 AM
1,697 次查看
PierreRoullet
Contributor I

I have exactly the same issue but sorry I don't understand the answer what is exacly the offset you have used ? I don't understand 4096

BR Pierre

0 项奖励
回复