- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Kernel authentication issue with HAB
Kernel authentication issue with HAB
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Kernel authentication issue with HAB
08-12-2021
05:15 AM
1,297 Views
ganesh_k
Contributor III
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I m trying to implement secure boot on imx6ulevk
https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/guides/mx6_mx7_secure_boot.t...
with help of above document, I can able to sign and authenticate uboot with fuse as open, below is the log for hab_status:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
=> Now I tried to sign and authenticate Linux fitImage, fitImage is authenticating and loading properly.
Below is the boot log:
switch to partitions #0, OK
mmc1(part 0) is current device
switch to partitions #0, OK
mmc1(part 0) is current device
10542944 bytes read in 267 ms (37.7 MiB/s)
Booting from mmc ...
10542944 bytes read in 267 ms (37.7 MiB/s)
hab fuse not enabled
Authenticate image from DDR location 0x83000000...
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
## Loading kernel from FIT Image at 83000000 ...
Using 'conf-imx6ul-pds.dtb' configuration
Verifying Hash Integrity ... OK
Trying 'kernel-1' kernel subimage
Description: Linux kernel
Type: Kernel Image
Compression: uncompressed
Data Start: 0x830000e0
Data Size: 10504440 Bytes = 10 MiB
Architecture: ARM
OS: Linux
Load Address: 0x80800000
Entry Point: 0x80800000
Hash algo: sha256
Hash value: 1b7abd41dffe4ae2dfb9e9a17c016c680539a791ef61010a4b70d3b481237fc8
Verifying Hash Integrity ... sha256+ OK
## Loading fdt from FIT Image at 83000000 ...
Using 'conf-imx6ul-pds.dtb' configuration
Verifying Hash Integrity ... OK
Trying 'fdt-imx6ul-pds.dtb' fdt subimage
Description: Flattened Device Tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x83a04ae4
Data Size: 32036 Bytes = 31.3 KiB
Architecture: ARM
Hash algo: sha256
Hash value: 7fd68eccd6a191a0d69f70fb7c08d30b208cba93aa15186804697db4c84af7fe
Verifying Hash Integrity ... sha256+ OK
Booting using the fdt blob at 0x83a04ae4
Loading Kernel Image
Using Device Tree in place at 83a04ae4, end 83a0f807
ft_system_setup for mx6
Starting kernel ...Details:
fitImage loadaddress = "0x83000000"
fitImage size = "0xA0CB3C"
padded fitImage size = "0xA0D000"
genIVT file:
#! /usr/bin/perl -w
use strict;
open(my $out, '>:raw', 'ivt.bin') or die "Unable to open: $!";
print $out pack("V", 0x412000D1); # IVT Header
print $out pack("V", 0x83000000); # Jump Location
print $out pack("V", 0x0); # Reserved
print $out pack("V", 0x0); # DCD pointer
print $out pack("V", 0x0); # Boot Data
print $out pack("V", 0x83A0D000); # Self Pointer
print $out pack("V", 0x83A0D020); # CSF Pointer
print $out pack("V", 0x0); # Reserved
close($out);but when I try to authenticate fitImage from uboot with hab_auth_img, im getting the below error:
=> load mmc 1 0x83000000 fitImage-without-ramfs_signed.bin
10542944 bytes read in 267 ms (37.7 MiB/s)
=> hab_auth_img 0x83000000 0xA0D000
hab fuse not enabled
Authenticate image from DDR location 0x83000000...
Error: CSF lies outside the image bounds Please suggest me if I m doing something wrong.
Thanks & Regards
Ganesh.K
2 Replies
07-21-2022
04:01 AM
1,006 Views
_sanath_
Contributor II
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am facing the same issue with iMX8mm evk board.
Did you find any working solution for this?
Any inputs from @igorpadykov is much appreciated.
Thanks and regards
Sanath
08-23-2021
11:04 PM
1,249 Views
igorpadykov
NXP Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ganesh
internal team notified me that this issue is already considered internally.
Best regards
igor
