Hello,
I am trying to achieve secure boot for the IMX6SoloX processor. I generate a custom image with Yocto. I used the manual "Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4", which describes how to create secure boot for i.MX processors, and I also downloaded cst-3.1.0 to generate keys and program fuses (the fuses are OK, I checked that with fuse read 3 0, fuse ...). The version of u-boot is 2017.11.
I am stuck on the step to create a custom csf file. I need to find out the value of Blocks to sign, so I used "Extracting U-Boot data for CSF" from page 27. After I used od -X -N 0x20 u-boot.imx I get these numbers:
0000000 402000d1 87800000 00000000 877ff42c
0000020 877ff420 877ff400 00000000 00000000
And the value of CSF PTR is 0x00000000. So I tried to use the reference value from the manual for the length, 0x6DC00. But after ./bin/cst --o u-boot_csf.bin --i u-boot_sign.csf I get the error: Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData. After that I tried to use the size of my u-boot.imx as the length value and I succeeded; the signed data is available in u-boot_csf.bin. (.csf file attached)
After that I boot from USB and copy u-boot_signed.imx with this procedure.
1.) copy u-boot.imx to USB
2.) mount usb stick
3.) clear boot config: dd if=/dev/zero of=/dev/mmcblk3 bs=1k seek=384 conv=fsync count=129
4.) echo 0 > /sys/block/mmcblk3boot0/force_ro
5.) dd if=u-boot_signed.imx of=/dev/mmcblk3boot0 bs=512 seek=2
6.) echo 1 > /sys/block/mmcblk3boot0/force_ro
7.) mmc bootpart enable 1 1 /dev/mmcblk3
After reboot I typed hab_status and I got this result:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x02 0x08
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
Thanks for any advice
EDIT: I needed to define the CSF value for HAB in recipes-bsp/u-boot/files/git/board/../imximage.cfg -> CSF 0x2000
Hello,
The error HAB_INV_ADDRESS for the Authenticate image function indicates one of the following:
- HAB_INV_ADDRESS: initial or final image addresses outside allowed regions;
- HAB_INV_ADDRESS: IVT, DCD, Boot Data or CSF outside image bounds;
- HAB_INV_ADDRESS: IVT self or entry pointer is NULL;
Check the signed U-boot image.
Have a great day,
Yuri
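The IVT check described in this thread, as an added example that is not part of either post or of NXP's tooling: it decodes the 0x20-byte IVT shown in the od output, reports the NULL-pointer conditions listed in the reply, and derives the CSF Blocks line. It assumes the signed region runs from IVT self up to the CSF pointer; the helper names and the FIXED sample (CSF placed at self + 0x6DC00) are constructed for illustration.

```python
import struct

IVT_FIELDS = ("header", "entry", "reserved1", "dcd",
              "boot_data", "self", "csf", "reserved2")

def parse_ivt(image: bytes) -> dict:
    """Decode the 32-byte HABv4 IVT at the start of a u-boot.imx image."""
    if len(image) < 32:
        raise ValueError("image shorter than an IVT (32 bytes)")
    return dict(zip(IVT_FIELDS, struct.unpack_from("<8I", image, 0)))

def check_ivt(ivt: dict) -> list:
    """Return IVT conditions that make HAB report HAB_INV_ADDRESS."""
    problems = []
    raw = struct.pack("<I", ivt["header"])        # bytes: tag, len_hi, len_lo, version
    tag, length = raw[0], struct.unpack(">H", raw[1:3])[0]
    if tag != 0xD1 or length != 0x20:
        problems.append("bad IVT header 0x%08x" % ivt["header"])
    for name in ("entry", "self"):
        if ivt[name] == 0:
            problems.append("%s pointer is NULL" % name)
    if ivt["csf"] == 0:
        problems.append("csf pointer is NULL (no CSF area reserved in the image)")
    for name in ("dcd", "boot_data", "csf"):
        if ivt[name] and ivt[name] < ivt["self"]:
            problems.append("%s 0x%08x lies before IVT self" % (name, ivt[name]))
    return problems

def blocks_line(ivt: dict, filename: str) -> str:
    """Build the CSF 'Blocks' entry. Assumption: signed length = csf - self."""
    problems = check_ivt(ivt)
    if problems:
        raise ValueError("; ".join(problems))
    length = ivt["csf"] - ivt["self"]
    return 'Blocks = 0x%08x 0x%08x 0x%08x "%s"' % (ivt["self"], 0, length, filename)

# The eight words exactly as shown in the od -X output in the question.
POSTED = struct.pack("<8I", 0x402000D1, 0x87800000, 0, 0x877FF42C,
                     0x877FF420, 0x877FF400, 0, 0)
# Constructed sample: same IVT with a CSF pointer at self + 0x6DC00.
FIXED = struct.pack("<8I", 0x402000D1, 0x87800000, 0, 0x877FF42C,
                    0x877FF420, 0x877FF400, 0x8786D000, 0)

if __name__ == "__main__":
    print(check_ivt(parse_ivt(POSTED)))
    print(blocks_line(parse_ivt(FIXED), "u-boot.imx"))
```

To check a real image, pass the file's bytes to parse_ivt (for example open("u-boot.imx", "rb").read()) before writing the .csf file.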