Hi,
While doing some tests with HAB in u-boot-imx 2022.04 for an IMX6DP based board, I encountered an issue regarding hw hash calculation based on CAAM (i.e., using the drivers/crypto/fsl/fsl_hash.c driver).
Whenever I try to calculate a sha256 or a sha1 (the two supported hash algos by fsl_hash.c) using the hash command in u-boot (CONFIG_CMD_HASH=y) after a call to the hab_auth_img command, the board freezes !!
Steps to reproduce:
Note1: I reproduced the issue on a Sabre SD dev board equipped with an IMX6QP
Note2: here is the CSF I used for signing:
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = ANY
[Install SRK]
File = "/file/path"
Source index = 0
[Install CSFK]
File = "/key/path.pem"
[Authenticate CSF]
[Install Key]
Verification index = 0
Target index = 2
File = "/key/path.pem"
[Authenticate Data]
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x10007fc0 0x00000000 0x1596020 "/file/path"
Best regards,
Abderrahim
Hi @Abder ,
I hope you are doing well!
What version of CST are you using?
Have you tested this with older uboot versions, if so, is this unique to our latest release?
Thank you.
Best regards,
Hector.
Hi Hector,
Thank you for your reply.
I'm using Code Signing Tool release version 3.2.0.
I've just done a test on a IMX6QP board with u-boot2020.04 and I reproduced the issue. However, this time the board doesn't freeze when I try to calculate a sha256 (after hab_auth_image), but I get the error : "CAAM was not setup properly or it is faulty" and it becomes impossible to calculate a hash (via fsl_hash.c) afterwards.
BR,
Abderrahim,
Hi @Abder ,
Have you tested this with 3.4.0? I'm not sure if this could be a hardware issue, have you tested other CAAM features?
Best regards,
Hector.