How to use High-Assurance Boot (HAB) with Serial Downloader on i.MX7D

mikkoelomaa
Contributor I

Does anyone have instructions to share for using High-Assurance Boot (HAB) with Serial Downloader?

I have created a signed U-Boot image (2016.11+fslc sources), which works fine when loaded from NAND. There are no HAB events found when checking with hab_status in U-Boot.
However, when I load the same image on the device with Serial Downloader (USB), the HAB events show that the signature is invalid. The BOOT_FROM parameter is set to nand as that is used in production and there is no separate option for serial downloader.

Any help or ideas?

I have tried this with an i.MX7 Sabre board with NAND modification and also with a custom board with i.MX7D. For each board I had a different set of keys.

Here is the first reported HAB event:

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x07 0x5c 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

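The HAB event quoted in the question can be decoded further than the four fields hab_status prints. The following is an added example, not code from the thread or from NXP: it parses the pasted event bytes and, for a HAB_CTX_COMMAND event, unpacks the failing CSF command. The layout of the bytes after the first eight (an Authenticate Data command with key index, signature format, engine, signature location and block list) and the constants not shown in the output are assumptions taken from the HAB4 command format.

```python
import re

# Codes printed in the quoted output, plus HAB4 constants (assumed, see lead-in).
STATUS = {0x33: "HAB_FAILURE", 0x69: "HAB_WARNING", 0xF0: "HAB_SUCCESS"}
REASON = {0x18: "HAB_INV_SIGNATURE"}
CONTEXT = {0xC0: "HAB_CTX_COMMAND"}
ENGINE = {0x00: "HAB_ENG_ANY", 0x1D: "HAB_ENG_CAAM"}
PROTOCOL = {0xC5: "HAB_PCL_CMS"}
HAB_TAG_EVT, HAB_CMD_AUT_DAT = 0xDB, 0xCA

# Event bytes copied from the hab_status output quoted in the question.
EVENT_DUMP = """
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x07 0x5c 0x00
"""

def be(b):
    """Big-endian bytes to int (HAB structures are big-endian)."""
    return int.from_bytes(b, "big")

def name(table, code):
    return table.get(code, f"unknown (0x{code:02x})")

def parse_event(dump):
    raw = bytes(int(x, 16) for x in re.findall(r"0x[0-9a-fA-F]{2}", dump))
    if len(raw) < 8 or raw[0] != HAB_TAG_EVT:
        raise ValueError("not a HAB event record")
    if be(raw[1:3]) != len(raw):
        raise ValueError("length field does not match dump (truncated paste?)")
    evt = {"status": name(STATUS, raw[4]), "reason": name(REASON, raw[5]),
           "context": name(CONTEXT, raw[6]), "engine": name(ENGINE, raw[7])}
    cmd = raw[8:]
    # With CTX = HAB_CTX_COMMAND the remaining bytes hold the CSF command that failed.
    if raw[6] == 0xC0 and len(cmd) >= 12 and cmd[0] == HAB_CMD_AUT_DAT \
            and be(cmd[1:3]) == len(cmd):
        evt["command"] = "Authenticate Data"
        evt["key_index"] = cmd[4]
        evt["sig_format"] = name(PROTOCOL, cmd[5])
        evt["sig_engine"] = name(ENGINE, cmd[6])
        evt["aut_start"] = be(cmd[8:12])  # where the signature data sits
        # Each block is (start address, length) of memory covered by the signature.
        evt["blocks"] = [(be(cmd[i:i + 4]), be(cmd[i + 4:i + 8]))
                         for i in range(12, len(cmd) - 7, 8)]
    return evt

if __name__ == "__main__":
    for key, value in parse_event(EVENT_DUMP).items():
        print(f"{key:>10}: {value}")
```

For this event the decoded block is 0x877ff400 with length 0x75c00, which can be compared against the Blocks line of the CSF description file and against the address the Serial Downloader actually loads the image to.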

igorpadykov
NXP Employee

Hi Mikko

One can try the approach described in AN4581 Secure Boot

E.1. Signing code downloadable with the manufacturing tool

https://www.nxp.com/docs/en/application-note/AN4581.pdf 

Best regards
igor