FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is CONFIG_IMX_HAB option in U-Boot unbootable from NAND without burning fuses in i.MX6dl

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is CONFIG_IMX_HAB option in U-Boot unbootable from NAND without burning fuses in i.MX6dl

‎10-31-2023 12:29 AM
1,542 Views
manojsai
Contributor I

unable to boot the i.MX6DL by flashing to nand memory  , images which enabled with HAB .

able to boot the normal nand image with i.MX6DL.

steps to flash the images to nand memory :-

ext4load mmc 0:2 $loadaddr SPL ; nand erase.part spl ; nandbcb init $loadaddr 0x0 $filesize ; ext4load mmc 0:2 $loadaddr u-boot-dtb.img ; nand erase.part uboot ; nand write ${loadaddr} uboot ${filesize}

0 Kudos
Reply
4 Replies

‎11-01-2023 08:12 PM
1,470 Views
Harvey021
NXP TechSupport
NXP TechSupport

Try to dump your boot image ivt structure, pad the signed boot image to the boot_data.size.

 

Best regards

Harvey

0 Kudos
Reply

‎10-31-2023 09:08 AM
1,507 Views
jaganteki
Contributor I

@kef2 is open mode means non-secure mode? Why do we need to fuse the SRK in open mode?

Here we enable HAB in MMC config but the board doesn't enable secure-boot mode then SPL says 'hab fuse not enabled and booting from MMC is fine.

U-Boot SPL 2023.10-00001-g387ae83589-dirty (Oct 31 2023 - 20:51:02 +0530)
Trying to boot from MMC1
hab fuse not enabled

Authenticate image from DDR location 0x177fffc0...
bad magic magic=0x0 length=0x100 version=0x45
bad length magic=0x0 length=0x100 version=0x45
Error: Invalid IVT structure


U-Boot 2023.10-00001-g387ae83589-dirty (Oct 31 2023 - 20:51:02 +0530)

CPU: Freescale i.MX6DL rev1.3 996 MHz (running at 792 MHz)
CPU: Extended Commercial temperature grade (-20C to 105C) at 42C
Reset cause: POR
Model: Engicam i.CoreM6 DualLite/Solo Starter Kit
DRAM: 512 MiB
Core: 47 devices, 17 uclasses, devicetree: separate
NAND: 512 MiB
MMC: FSL_SDHC: 0
Loading Environment from NAND... *** Warning - bad CRC, using default environment

No panel detected: default to Amp-WD
Display: Amp-WD (800x480)
In: No input devices available!
Out: No output devices available!
Err: No error devices available!
Net:
Error: ethernet@2188000 address not set.
No ethernet found.

Hit any key to stop autoboot: 0
icorem6qdl>

The problem is if we enable HAB in nand config like same in above mmc, then the board is not booting from nand, but if we disable HAB in the config then the board is booting from nand.

What is the point of understanding here in terms of hab-enable vs booting source?

0 Kudos
Reply

‎10-31-2023 01:06 PM
1,487 Views
kef2
Senior Contributor V
  • is open mode means non-secure mode? 

Yes. 

  • is open mode means non-secure mode? Why do we need to fuse the SRK in open mode?

You have rev1.3 silicon, so you don't have to fuse SRK to try HAB without fusing.

 

Oh. Once you enable CONFIG_IMX_HAB, some filed in IVT tells bootloader size is larger by CONFIG_CSF_SIZE than the made image size. Image signing should add exactly the same ar bigger amount of CSF bytes. If it adds less or you skip signing step, then you need to pad at the end your U-boot image to make ROM happy reading expected amount of data from NAND. When you write less, those unwritten missing bytes will read with error and boot process will fail (or continue loading another copy of boot image from different NAND locations).

 

Reply

‎10-31-2023 04:20 AM
1,521 Views
kef2
Senior Contributor V

According to AN4581 rev 2, iMX6DL silicon revision TO 1.0 had HAB version 4.1.0, which needs SRK fused even in open mode. More recent silicons in open mode either don't check SRK at all, or check SRK only if it is fused (not all 0's).

0 Kudos
Reply