The following are information sources :
“i.MX 6 Linux High Assurance Boot (HAB) User's Guide”
from Linux documentation.
https://www.freescale.com/webapp/Download?colCode=L3.0.35_1.1.0_LINUXDOCS_BUNDLE&location=null
AN4581
“Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4”
http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
i.MX Trust Architecture presentation :
https://community.freescale.com/servlet/JiveServlet/download/313957-255581/20-i.MX_TrustArchitecture...
1.
The recent document states, that HAB API may be called from:
- Boot ROM.
− Other boot stages.
−APIs used in U-Boot in this session are:
hab_status_t(*report_event)(hab_status_tstatus, uint32_t index, uint8_t *event, size_t*bytes)
hab_status_t(*report_status)(hab_config_t*config, hab_state_t*state)
2.
Kernel image may be checked by U-boot, as mentioned in “i.MX 6 Linux High Assurance Boot (HAB) User's Guide” :
“The second stage is the authentication of uImage by U-Boot. authenticate_image is called
by U-boot to verify uImage when executing bootm.”
