I am trying to fix an error in HAB Boot.
I see this that might apply:
https://community.nxp.com/t5/i-MX-Processors/imx6ULL-HAB-events/m-p/903732/highlight/true#M136333
Has this been fixed?
ERR010449 | System Boot: HAB HAL routine hab_hal_invalidate_cache should invalidate L1/L2 D-cache, but did not in the ROM code |
Looking at /proc/cpuinfo I see:
Hardware : Freescale i.MX6 Ultralite (Device Tree)
Revision : 0000
Serial : 2f1d59d26044b748
So does Revision 0 mean that all errata apply?
The errata lists two solutions. I am curious what the 2nd solution means, and does it pertain to a boot from ROM?
For workaround #2, modify CSF tool by referring to AN4581.
Links to AN4581 that I have found are dead. What is CSF? Does that mean the Code Signing Tool?
Solved! Go to Solution.
I determined the fix for this issue. In addition to setting Engine = SW in the Header section of the CSF file for the Code Signing Tool, I also needed a 2nd line to the Blocks = statement from the DCD Blocks in the U-Boot build output. This was the U-Boot output from u-boot file u-boot-imx/1_2020.04-r0/build/[config]/u-boot.imx.log file:
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 0x877ff400 0x00000000 0x000a1c00
DCD Blocks: 0x0000002c 0x00910000 0x00000200
Now this has to be translated into the csf file as follows:
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x000a1c00 "u-boot.imx", \
0x00910000 0x0000002c 0x00000200 "u-boot.imx"
Note that the values on the 2nd line are transposed from the U-Boot output. When I was getting the HAB_INV_ASSERTION error, I had not included the 2nd line in the csf file. This was because it was not done by Boundary Devices in their example.
I determined the fix for this issue. In addition to setting Engine = SW in the Header section of the CSF file for the Code Signing Tool, I also needed a 2nd line to the Blocks = statement from the DCD Blocks in the U-Boot build output. This was the U-Boot output from u-boot file u-boot-imx/1_2020.04-r0/build/[config]/u-boot.imx.log file:
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 0x877ff400 0x00000000 0x000a1c00
DCD Blocks: 0x0000002c 0x00910000 0x00000200
Now this has to be translated into the csf file as follows:
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x000a1c00 "u-boot.imx", \
0x00910000 0x0000002c 0x00000200 "u-boot.imx"
Note that the values on the 2nd line are transposed from the U-Boot output. When I was getting the HAB_INV_ASSERTION error, I had not included the 2nd line in the csf file. This was because it was not done by Boundary Devices in their example.
@JohnKlug
Hello,
the erratum is not fixed (Proposed Solution:No fix scheduled)
AN4581:
< https://www.nxp.com/webapp/Download?colCode=AN4581 >
Regards,
Yuri.
hi yuri
In my case, HAB event will be generated if
Blocks = 0x877ff400 0x00000000 0x0008ac00 "u-boot-dtb.imx",\
0x00910000 0x0000002c 0x000001e8 "u-boot-dtb.imx"
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0xff 0x00
0x00 0x00 0x0d 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x0a 0x4c 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x01 0xe8
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
and HAB event will not be generated if
Blocks = 0x877ff400 0x00000000 0x0008ac00 "u-boot-dtb.imx"
why ???
Additional information.
I am setting Engine = SW in the CSF file.
Is that what is meant by ERR010449:
Specify engine as “HAB_ENG_SW” instead of “HAB_ENG_DCP” by SCT tool. This will force HAB use the software hash engine.
The exact HAB Status I have is:
Secure boot enabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x02 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)