How to use High-Assurance Boot (HAB) with Serial Downloader on i.MX7D

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to use High-Assurance Boot (HAB) with Serial Downloader on i.MX7D

1,121 Views
mikkoelomaa
Contributor I

Does anyone have instructions to share for using High-Assurance Boot (HAB) with Serial Downloader?

I have created a signed U-boot image (2016.11+fslc sources), which works fine when loaded from NAND. There are no HAB events found when checking with hab_status in U-boot.
However, when I load the same image on the device with Serial Downloader (USB), the HAB events show that the signature is invalid. The BOOT_FROM parameter is set to nand as that is used in production and there is no separate option for serial downloader.

Any help or ideas?

I have tried this with a i.MX7 Sabre board with NAND modification and also with a custom board with i.MX7D. For each board I had a different set of keys.

Here is the first reported HAB event:

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x07 0x5c 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

Labels (1)
Tags (2)
0 Kudos
Reply
1 Reply

780 Views
igorpadykov
NXP Employee
NXP Employee

Hi Mikko

one can try apprach described in AN4581 Secure Boot

E.1. Signing code downloadable with the manufacturing tool

https://www.nxp.com/docs/en/application-note/AN4581.pdf 

Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply