FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to sign flash_flexspi target of mk-image for iMX8QX rev C0?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

How to sign flash_flexspi target of mk-image for iMX8QX rev C0?

Jump to solution
‎07-16-2021 07:29 AM
1,901 Views
MistX
Contributor III

Ok, I have signed "flash" (SD card or USB) target of "imx-mkimage" because that process well described in documentation, and it works - ahab_status prints no security events (OTG USB boot through UUU).

But I found that can`t sign "flash_flexspi" target of "imx-mkimage" using the same CSF (for "flash" target):

Spoiler
[ERROR] CST: Offsets are not consistent with the input binary to be signed

But offset in CSF correct - they are from imx-mkimage output.

Spoiler

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
# Output of srktool
File = "../SRK_1_2_3_4_table.bin"
# Public key certificate in PEM or DER format
Source = "../crts/SRK1_sha384_secp384r1_v3_ca_crt.der"
# Index of SRK in SRK table
Source index = 0
# Origin of SRK table
Source set = OEM
# Revoked SRKs
Revocations = 0x0

[Install Certificate]
# Public key certificate in PEM or DER format
File = "../crts/SGK1_1_sha384_secp384r1_v3_usr_crt.der"
Permissions = 0x1

[Authenticate Data]
# Output of mkimage
File = "flash.bin"
# Offsets = Container_header Signature_block (printed out by mkimage)
Offsets = 0x400 0x590

Spoiler
Compiling mkimage_imx8
include misc.mak
include m4.mak
include android.mak
include test.mak
include autobuild.mak
include rev_a.mak
include alias.mak
./../mkimage_imx8 -soc QX -rev B0 -dev flexspi -append mx8qxc0-ahab-container.img -c -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -out flash.bin
SOC: QX
REVISION: B0
BOOT DEVICE: flexspi
New Container: 0
SCFW: scfw_tcm.bin
AP: u-boot-atf.bin core: a35 addr: 0x80000000
Output: flash.bin
CONTAINER FUSE VERSION: 0x00
CONTAINER SW VERSION: 0x0000
ivt_offset: 4096
rev: 2
Platform: i.MX8QXP B0
ivt_offset: 4096
container image offset (aligned):12000
flags: 0x10
Hash of the images = sha384
SCFW file_offset = 0x12000 size = 0x25000
Hash of the images = sha384
AP file_offset = 0x37000 size = 0xd3800
CST: CONTAINER 0 offset: 0x400
CST: CONTAINER 0: Signature Block: offset is at 0x590
DONE.
Note: Please copy image to offset: IVT_OFFSET + IMAGE_OFFSET
./../scripts/fspi_packer.sh ../scripts/fspi_header
F(Q)SPI IMAGE PACKED

How to sign "flash_flexspi" image for iMX8QXP C0?

0 Kudos
Reply
1 Solution

Jump to solution
‎07-20-2021 03:14 AM
1,880 Views
BiyongSUN
NXP Employee
NXP Employee

BiyongSUN_0-1626776034418.png

 

4096

View solution in original post

0 Kudos
Reply
5 Replies

Jump to solution
‎07-18-2021 09:08 PM
1,893 Views
BiyongSUN
NXP Employee
NXP Employee

Please add spi header size 

0 Kudos
Reply

Jump to solution
‎07-19-2021 01:04 AM
1,890 Views
MistX
Contributor III

You mean to add to CSF offsets the size of imx-mkimage/iMX8QX/imx-fspi-header.bin (1536 bytes) ?

So if I have CSF:

[Authenticate Data]
# Output of mkimage
File = "flash.bin"
# Offsets = Container_header Signature_block (printed out by mkimage)
Offsets = 0x400 0x590

I should change offsets to 0xA00 0xB90 respectively?

0 Kudos
Reply

Jump to solution
‎07-20-2021 03:14 AM
1,881 Views
BiyongSUN
NXP Employee
NXP Employee

BiyongSUN_0-1626776034418.png

 

4096

0 Kudos
Reply

Jump to solution
‎07-20-2021 07:18 AM
1,875 Views
MistX
Contributor III

GREAT THANKS, BiyongSUN!

0 Kudos
Reply

Jump to solution
‎10-20-2021 08:36 AM
1,695 Views
PierreRoullet
Contributor I

I have exactly the same issue but sorry I don't understand the answer what is exacly the offset you have used ? I don't understand 4096

BR Pierre

0 Kudos
Reply