[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

682 Views
Abder
Contributor II

Hi,

While doing some tests with HAB in u-boot-imx 2022.04 for an IMX6DP based board, I encountered an issue regarding hw hash calculation based on CAAM (i.e., using the drivers/crypto/fsl/fsl_hash.c driver).

Whenever I try to calculate a sha256 or a sha1 (the two supported hash algos by fsl_hash.c) using the hash command in u-boot (CONFIG_CMD_HASH=y) after a call to the hab_auth_img command, the board freezes !!

Steps to reproduce:

  1. load signed image 
  2. authenticate image: 
    hab_auth_img <loadaddr> ${filesize}
  3. calculate a sha256 for a random chunk of memory: 
    hash sha256 <random_addr_inr_ram> <random_size> 

Note1: I reproduced the issue on a Sabre SD dev board equipped with an IMX6QP

Note2: here is the CSF I used for signing:

 

[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = ANY

[Install SRK]
File = "/file/path"
Source index = 0

[Install CSFK]
File = "/key/path.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "/key/path.pem"

[Authenticate Data]
Verification index = 2
#        Address      Offset     Length       Data File Path
Blocks = 0x10007fc0   0x00000000   0x1596020 "/file/path"

 

 

Best regards,

Abderrahim

Labels (1)
0 Kudos
Reply
3 Replies

636 Views
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

I hope you are doing well!

What version of CST are you using? 

Have you tested this with older uboot versions, if so, is this unique to our latest release?

Thank you.

Best regards,
Hector.

0 Kudos
Reply

619 Views
Abder
Contributor II

Hi Hector,

Thank you for your reply.

I'm using Code Signing Tool release version 3.2.0.

I've just done a test on a IMX6QP board with u-boot2020.04 and I reproduced the issue. However, this time the board doesn't freeze when I try to calculate a sha256 (after hab_auth_image), but I get the error : "CAAM was not setup properly or it is faulty" and it becomes impossible to calculate a hash (via fsl_hash.c) afterwards.

BR,

Abderrahim,

 

0 Kudos
Reply

609 Views
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

Have you tested this with 3.4.0? I'm not sure if this could be a hardware issue, have you tested other CAAM features?

Best regards,
Hector.

0 Kudos
Reply