IMX8MQ rpmb_read: decap rpmb key error on Android 10 dual trusty image

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IMX8MQ rpmb_read: decap rpmb key error on Android 10 dual trusty image

Jump to solution
3,300 Views
bl
Contributor II

Hi,

We have a Android 10 image built with dual bootloader and Trusty OS enabled.  The image boots fine before closing the chip with 

 => fuse prog -y 1 3 0x2000000

However, once we closed the chip, we got errors of the following:

U-Boot SPL 2020.04-00001-gf37a2b66a6-dirty (Dec 10 2020 - 11:08:41 +0800)
PMIC:  PFUZE100 ID=0x10
DDRINFO: start DRAM init
DDRINFO: DRAM rate 3200MTS
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
Normal Boot
Trying to boot from MMC1
 
Authenticate image from DDR location 0x401fcdc0...
RNG already instantiated 0x
Error: blob decap job failed 0x2000071a
rpmb_read: decap rpmb key error
rpmb_init: read RPMB error
RPMB init failed!
Load or verify bootloader_a fail, setting unbootable..
 
Authenticate image from DDR location 0x401fcdc0...
RNG already instantiated 0x
Error: blob decap job failed 0x2000071a
rpmb_read: decap rpmb key error
rpmb_init: read RPMB error
RPMB init failed!
Load or verify bootloader_b fail, setting unbootable..
No bootable slots found, try to boot into recovery mode...
 
Based on the "i.MX Android Security User's Guide, Rev. android-10.0.0_2.5.0, 21 October 2020":
"The RPMB key can only be programed one time. The saved copy of RPMB key is encapsulated with CAAM, and CAAM uses the value in eFuse hardware. If the SRK hash value needs to be programmed into eFuse hardware and close the chips, do it first, and only after that can the RPMB key be programmed." , we had the SRK hash value flashed to the eFuse before flash the eMMC RPMB key with "fastboot oem set-rpmb-key".
 
"CAAM uses the value in eFuse hardware" means the SRK hash eFuse or more than those?
Do we need to closing the chip also before flash the eMMC RPMB key?
 
 
Thanks,
 
BL 
0 Kudos
Reply
1 Solution
3,257 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi

 

Yes,Before setting the RPMB key

1.need to SRK hash value needs to be programmed into eFuse hardware and close the chips.

2.it is necessary to know where the RPMB key blob encapsulated with CAAM is stored and how to
change the location.

 

BR

Zhiming

View solution in original post

0 Kudos
Reply
5 Replies
3,023 Views
Jose1985
Contributor IV

Hi Zhiming,

I followed the user AUG document and flashed the RPMG key using rpmb_key_test.bin 

# fastboot stage rpmb_key_test.bin

# fastboot oem set-rpmb-key

(In the attached document, sec8.6.1 Initializing the secure storage for Trusty OS)

rpmb_key_test.bin ==> Prebuilt test RPMB key, which can be used to set the RPMB key as fixed 32 bytes 0x00.

However, now the board is not booting up  and as well I am not able to reflash RPMB key. Could you help me fix this issue or how to recover?

0 Kudos
Reply
3,019 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

@Jose1985 Which os version  and platform you are using ?

0 Kudos
Reply
3,010 Views
Jose1985
Contributor IV

Hi nxf65025,

I am trying to flash Android-11 Android Automotive flavor in iMX8QM. 

Let me make an update. When I tried the below command to flash, I am able to flash the custom android image.

However, when booting up, I am getting below error in dmesg and there is no UI.

[ 32.346527] android_work: sent uevent USB_STATE=CONFIGURED
[ 33.903990] vref_1v8: disabling
[ 33.907141] epdev_on: disabling
[ 33.910313] SD1_SPWR: disabling
[ 36.534616] init: Control message: Could not find 'aidl/android.hardware.power.IPower/default' for ctl.interface_start from pid:239 (/system/bin/servicemanager)

Could you help me with this? Log is attached

0 Kudos
Reply
3,258 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi

 

Yes,Before setting the RPMB key

1.need to SRK hash value needs to be programmed into eFuse hardware and close the chips.

2.it is necessary to know where the RPMB key blob encapsulated with CAAM is stored and how to
change the location.

 

BR

Zhiming

0 Kudos
Reply
3,253 Views
bl
Contributor II

Hi Zhiming,

We flash the RPMB after closed the chip first and try this again.  It is booting fine now without error.

For point#2 what do you mean "it is necessary to know where the RPMB key blob encapsulated with CAAM is stored and how to change the location."?  Do we need any other steps or configurations besides flash the SRK and close the HAB eFuse?

 

Thanks,

 

BL 

 

0 Kudos
Reply