MCIMX6ULL-EVK and HAB_INV_ASSERTION in HAB Boot

1,855 Views
JohnKlug
Senior Contributor I

I am trying to fix an error in HAB Boot.

I see this that might apply:

https://community.nxp.com/t5/i-MX-Processors/imx6ULL-HAB-events/m-p/903732/highlight/true#M136333

 

Has this been fixed?

ERR010449 System Boot: HAB HAL routine hab_hal_invalidate_cache should invalidate L1/L2 D-cache, but did not in the ROM code

 

Looking at /proc/cpuinfo I see:

Hardware : Freescale i.MX6 Ultralite (Device Tree)
Revision : 0000
Serial : 2f1d59d26044b748

So does Revision 0 mean that all errata apply?


The errata lists two solutions.  I am curious what the 2nd solution means, and does it pertain to a boot from ROM?

For workaround #2, modify CSF tool by referring to AN4581.


Links to AN4581 that I have found are dead.  What is CSF?  Does that mean the Code Signing Tool?

 

0 Kudos
1 Solution
1,830 Views
JohnKlug
Senior Contributor I

I determined the fix for this issue.  In addition to setting Engine = SW in the Header section of the CSF file for the Code Signing Tool, I also needed to add a 2nd line to the Blocks = statement, taken from the DCD Blocks line in the U-Boot build output.  This was the U-Boot output from the file u-boot-imx/1_2020.04-r0/build/[config]/u-boot.imx.log:

Load Address: 877ff420
Entry Point:  87800000
HAB Blocks:   0x877ff400 0x00000000 0x000a1c00
DCD Blocks:   0x0000002c 0x00910000 0x00000200

Now this has to be translated into the csf file as follows:

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x877ff400 0x00000000 0x000a1c00 "u-boot.imx", \
             0x00910000 0x0000002c 0x00000200 "u-boot.imx"

Note that the values on the 2nd line are transposed from the U-Boot output.  When I was getting the HAB_INV_ASSERTION error, I had not included the 2nd line in the csf file.  This was because it was not done by Boundary Devices in their example.
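
The translation described in this post, as an added example (not code from the thread, NXP or U-Boot): it reads the `HAB Blocks` and `DCD Blocks` lines from the build log and emits the two-entry `Blocks =` statement. The function names are hypothetical, and the DCD field order (offset, address, length) is assumed to be the one shown in this post's log; the range check is a sanity check added here that rejects a DCD entry copied over without the swap.

```python
import re

# The four lines quoted in the post from u-boot.imx.log, embedded as sample input.
SAMPLE_LOG = """\
Load Address: 877ff420
Entry Point:  87800000
HAB Blocks:   0x877ff400 0x00000000 0x000a1c00
DCD Blocks:   0x0000002c 0x00910000 0x00000200
"""

HEX3 = r"\s+(0x[0-9a-fA-F]+)" * 3  # three whitespace-separated hex fields


def _triple(log, label):
    """Return the three hex fields that follow 'label:' as integers."""
    m = re.search(rf"^{re.escape(label)}:{HEX3}\s*$", log, re.M)
    if m is None:
        raise ValueError(f"no '{label}' line in the build log")
    return tuple(int(field, 16) for field in m.groups())


def csf_blocks(log, image="u-boot.imx"):
    """Build the CSF 'Blocks =' statement covering the image and its DCD."""
    hab_addr, hab_off, hab_len = _triple(log, "HAB Blocks")
    # Assumption from the post: the DCD line is offset, address, length,
    # while a CSF block entry is address, offset, length.
    dcd_off, dcd_addr, dcd_len = _triple(log, "DCD Blocks")
    # Sanity check: the DCD bytes sit inside the file range of the HAB block.
    # If the fields were not swapped, the RAM address lands in the offset
    # slot and this test fails.
    if not (hab_off <= dcd_off and dcd_off + dcd_len <= hab_off + hab_len):
        raise ValueError("DCD offset/length fall outside the signed file range")
    rows = [(hab_addr, hab_off, hab_len), (dcd_addr, dcd_off, dcd_len)]
    entries = [f'0x{a:08x} 0x{o:08x} 0x{n:08x} "{image}"' for a, o, n in rows]
    return "Blocks = " + ", \\\n         ".join(entries)


if __name__ == "__main__":
    print(csf_blocks(SAMPLE_LOG))
```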

6 Replies
1,838 Views
Yuri
NXP Employee

@JohnKlug 
Hello,

The erratum is not fixed (Proposed Solution: No fix scheduled).

AN4581:

< https://www.nxp.com/webapp/Download?colCode=AN4581 >

Regards,
Yuri.

1,635 Views
kk163
Contributor III

Hi Yuri,

In my case, a HAB event will be generated if

Blocks = 0x877ff400 0x00000000 0x0008ac00 "u-boot-dtb.imx",\
               0x00910000 0x0000002c 0x000001e8 "u-boot-dtb.imx"


--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x1c 0x00 0x02 0xc5 0xff 0x00
0x00 0x00 0x0d 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x0a 0x4c 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x01 0xe8

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20


and a HAB event will not be generated if

Blocks = 0x877ff400 0x00000000 0x0008ac00 "u-boot-dtb.imx"

Why?

0 Kudos
1,631 Views
Yuri
NXP Employee

@kk163 
Hello,

I think it makes sense to create a separate thread for this issue.

Regards,
Yuri.

0 Kudos
1,848 Views
JohnKlug
Senior Contributor I

Additional information.

I am setting Engine = SW in the CSF file.

Is that what is meant by ERR010449:

Specify engine as “HAB_ENG_SW” instead of “HAB_ENG_DCP” by SCT tool. This will force HAB use the software hash engine.

 
The exact HAB Status I have is:

Secure boot enabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
        0x00 0x00 0x02 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

 

0 Kudos
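
Added example, not from the thread: a decoder for the event dump in the post above. The header layout (tag 0xdb, 16-bit length, version byte, then STS/RSN/CTX/ENG) can be checked against the bytes and decoded fields shown on this page; reading the remaining 12 bytes of an assertion event as three big-endian words, the last two being address and length, is an assumption. Under it, the failed assertion covers 0x00910000 with length 0x200, the same region as the DCD entry in the accepted solution.

```python
import struct

# Name tables limited to the values that appear in this thread.
STATUS = {0x33: "HAB_FAILURE"}
REASON = {0x0C: "HAB_INV_ASSERTION", 0x18: "HAB_INV_SIGNATURE"}
CONTEXT = {0xA0: "HAB_CTX_ASSERT", 0xC0: "HAB_CTX_COMMAND"}
ENGINE = {0x00: "HAB_ENG_ANY"}

# HAB Event 1 from the post above, copied byte for byte.
EVENT = """
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x02 0x00
"""


def decode_event(text):
    """Decode a hex dump of one HAB event record into a dict."""
    raw = bytes(int(tok, 16) for tok in text.split())
    if len(raw) < 8:
        raise ValueError("event record shorter than its fixed fields")
    tag, length, version = struct.unpack(">BHB", raw[:4])
    if tag != 0xDB:
        raise ValueError(f"unexpected tag 0x{tag:02x}, event records start with 0xdb")
    if length != len(raw):
        raise ValueError(f"header says {length} bytes, dump has {len(raw)}")
    sts, rsn, ctx, eng = raw[4:8]
    event = {
        "version": version,
        "status": STATUS.get(sts, f"0x{sts:02x}"),
        "reason": REASON.get(rsn, f"0x{rsn:02x}"),
        "context": CONTEXT.get(ctx, f"0x{ctx:02x}"),
        "engine": ENGINE.get(eng, f"0x{eng:02x}"),
    }
    if rsn == 0x0C and len(raw) == 20:
        # Assumed layout of the assertion payload: one word that is zero in
        # the dumps on this page, then block address, then block length.
        _, addr, size = struct.unpack(">III", raw[8:20])
        event["block"] = (addr, size)
    return event


if __name__ == "__main__":
    ev = decode_event(EVENT)
    addr, size = ev["block"]
    print(ev["status"], ev["reason"], ev["context"], ev["engine"])
    print(f"unauthenticated block: 0x{addr:08x} length 0x{size:x}")
```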