ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

‎02-14-2024 07:52 AM
491件の閲覧回数
Abder
Contributor II

Hi,

While doing some tests with HAB in u-boot-imx 2022.04 for an IMX6DP based board, I encountered an issue regarding hw hash calculation based on CAAM (i.e., using the drivers/crypto/fsl/fsl_hash.c driver).

Whenever I try to calculate a sha256 or a sha1 (the two supported hash algos by fsl_hash.c) using the hash command in u-boot (CONFIG_CMD_HASH=y) after a call to the hab_auth_img command, the board freezes !!

Steps to reproduce:

  1. load signed image 
  2. authenticate image: 
    hab_auth_img <loadaddr> ${filesize}
  3. calculate a sha256 for a random chunk of memory: 
    hash sha256 <random_addr_inr_ram> <random_size> 

Note1: I reproduced the issue on a Sabre SD dev board equipped with an IMX6QP

Note2: here is the CSF I used for signing:

 

[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = ANY

[Install SRK]
File = "/file/path"
Source index = 0

[Install CSFK]
File = "/key/path.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "/key/path.pem"

[Authenticate Data]
Verification index = 2
#        Address      Offset     Length       Data File Path
Blocks = 0x10007fc0   0x00000000   0x1596020 "/file/path"

 

 

Best regards,

Abderrahim

ラベル(1)
ラベル
0 件の賞賛
返信
3 返答(返信)

‎02-19-2024 06:32 PM
445件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

I hope you are doing well!

What version of CST are you using? 

Have you tested this with older uboot versions, if so, is this unique to our latest release?

Thank you.

Best regards,
Hector.

0 件の賞賛
返信

‎02-21-2024 09:16 AM
428件の閲覧回数
Abder
Contributor II

Hi Hector,

Thank you for your reply.

I'm using Code Signing Tool release version 3.2.0.

I've just done a test on a IMX6QP board with u-boot2020.04 and I reproduced the issue. However, this time the board doesn't freeze when I try to calculate a sha256 (after hab_auth_image), but I get the error : "CAAM was not setup properly or it is faulty" and it becomes impossible to calculate a hash (via fsl_hash.c) afterwards.

BR,

Abderrahim,

 

0 件の賞賛
返信

‎02-22-2024 11:21 AM
418件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

Have you tested this with 3.4.0? I'm not sure if this could be a hardware issue, have you tested other CAAM features?

Best regards,
Hector.

0 件の賞賛
返信