帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

[IMX6DP][u-boot-imx2022.04] CAAM / HW HASH issue after HAB authantication

‎02-14-2024 07:52 AM
670 次查看
Abder
Contributor II

Hi,

While doing some tests with HAB in u-boot-imx 2022.04 for an IMX6DP based board, I encountered an issue regarding hw hash calculation based on CAAM (i.e., using the drivers/crypto/fsl/fsl_hash.c driver).

Whenever I try to calculate a sha256 or a sha1 (the two supported hash algos by fsl_hash.c) using the hash command in u-boot (CONFIG_CMD_HASH=y) after a call to the hab_auth_img command, the board freezes !!

Steps to reproduce:

  1. load signed image 
  2. authenticate image: 
    hab_auth_img <loadaddr> ${filesize}
  3. calculate a sha256 for a random chunk of memory: 
    hash sha256 <random_addr_inr_ram> <random_size> 

Note1: I reproduced the issue on a Sabre SD dev board equipped with an IMX6QP

Note2: here is the CSF I used for signing:

 

[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = ANY

[Install SRK]
File = "/file/path"
Source index = 0

[Install CSFK]
File = "/key/path.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "/key/path.pem"

[Authenticate Data]
Verification index = 2
#        Address      Offset     Length       Data File Path
Blocks = 0x10007fc0   0x00000000   0x1596020 "/file/path"

 

 

Best regards,

Abderrahim

标签 (1)
标签
标记 (4)
0 项奖励
回复
3 回复数

‎02-19-2024 06:32 PM
624 次查看
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

I hope you are doing well!

What version of CST are you using? 

Have you tested this with older uboot versions, if so, is this unique to our latest release?

Thank you.

Best regards,
Hector.

0 项奖励
回复

‎02-21-2024 09:16 AM
607 次查看
Abder
Contributor II

Hi Hector,

Thank you for your reply.

I'm using Code Signing Tool release version 3.2.0.

I've just done a test on a IMX6QP board with u-boot2020.04 and I reproduced the issue. However, this time the board doesn't freeze when I try to calculate a sha256 (after hab_auth_image), but I get the error : "CAAM was not setup properly or it is faulty" and it becomes impossible to calculate a hash (via fsl_hash.c) afterwards.

BR,

Abderrahim,

 

0 项奖励
回复

‎02-22-2024 11:21 AM
597 次查看
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @Abder ,

Have you tested this with 3.4.0? I'm not sure if this could be a hardware issue, have you tested other CAAM features?

Best regards,
Hector.

0 项奖励
回复