Preloader related information required for secure boot for iMX6-dp
Hello Team,
I have below question for iMX6-dp processor secure boot boot flow.
C300 have a Preloader folder. If I refer AN4581 I am not able to find any information regarding Preloader.
Q1. Is it custom implementation?
Q2. How can I get some information about bootflow?
Thank you
Hello @shantanu-banerjee,
Q1. Is it custom implementation?
[Richard] Preloader is a part of fail-safe boot solution that was provided by MSS team as a commercial service. You can get additional information if you ask LGE to share "failsafe_user_guide.pdf" document.
Q2. How can I get some information about boot-flow?
[Richard] I remember the boot-flow is included in release note of MSS solution. But you need to ask LGE to share it. Following is brief of the flow.
Thank you.
Dear Richard Kim,
Thank you for the information.
I have shared this infomation with LGE regarding MSS documents.
Meanwhile could you please clarify below questions,
1. Is it required to authenticate Preloader?
2. Is there any mechanism to print entire HAB event log from preloader? Similar what is happening in u-boot.
It will be very helpful if you give some overview.
Thank you.
Hello Shantanu,
Please find my in-line comments below.
- Is it required to authenticate Preloader? [Richard] Preloader is not required to be authenticated.
- Is there any mechanism to print entire HAB event log from preloader? Similar what is happening in u-boot. [Richard] You may get more information from the document I commented.
Thank you.
Hello Support Team,
I have a question related to preloader.
As I have understood Preloader is responsible to authenticate Uboot.But problem is that I am not able to print HAB authentication log from Preloader. It seems Preloader not including standard C functions.
My question is how to print HAB events from Preloader? Because I am getting HAB authentication failed but unable to understand the reason.
Below is the code snippet from Preloader source.
Thank you for your support.
Dear Support Team,
We have successfully printed HAB log from Preloader.
As we have understood error as below. But we are unable to identify the exact reason for this failure.
It will be helpful if you share some information opinion on this.
HAB Event 1 = 3311cf00 = HAB_INV_CSF
HAB Event 2 = 330ca000 = HAB_INV_ASSERTION
HAB Event 3 = 330ca000 = HAB_INV_ASSERTION
HAB Event 4 = 330ca000 = HAB_INV_ASSERTION
HAB Event 5 = 330ca000 = HAB_INV_ASSERTION
Please find below details
u-boot.bin size = 0x20CB4
objcopy -I binary -O binary --pad-to 0x21000 --gap-fill=0x5A u-boot.bin u-boot-pad.bin
u-boot-pad.bin size = 0x21000
genIVT_uboot
#! /usr/bin/perl -w
use strict;
open(my $out, '>:raw', 'ivt.bin') or die "Unable to open: $!";
print $out pack("V", 0x402000D1); # Signature
print $out pack("V", 0x17800000); # Jump Location
print $out pack("V", 0x0); # Reserved
print $out pack("V", 0x0); # DCD pointer
print $out pack("V", 0x0); # Boot Data
print $out pack("V", 0x17821000); # Self Pointer
print $out pack("V", 0x17821020); # CSF Pointer
print $out pack("V", 0x0); # Reserved
close($out);
u-boot.csf
[Header]
Version = 4.0
Security Configuration = Open
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
Engine = CAAM
Features = RNG
[Install Key]
Verification index = 0
Target index = 2
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
# Sign padded uImage start at address 0x10800000
# length = 0x3FE0000
# This covers the essential parts: original uImage and the attached IVT
# Blocks have the following definition:
# Image block start address on i.MX, Offset from start of image file,
# Length of block in bytes, image data file
[Authenticate Data]
Verification index = 2
Blocks = 0x17800000 0x0 0x21020 "u-boot-pad-ivt.bin"
Preloader main.c use below for authentication uboot
Hello @shantanu-banerjee,
I'm sorry but nobody can fully help you to understand failsafe solution.
Have you ever checked all documents below?
Dear @Richard_Kim,
Thank you for the reply.
We just want to understand why "invalid CSF" error comes. We are using CSF as described in the fastboot document.
As per the hab_status_t(* hab_rvt::report_status) it is reporting HAB authentication failure but as per failsafe logic it pass the authentication. We need to understand this situation.
Code snippet:
Current log
NXP fast boot test log as per fastboot document
Both log contains B, P1 and J. But as per HAB event log it saying authentication failed.
Thanks,
Shantanu Banerjee
Hello @shantanu-banerjee,
NXP MSS team provided reference code for failsafe boot solution.
It was implemented and tested by "bg80.song" and I remember he was a LGE engineer.
I recommend you to ask and check the original failsafe code.
Dear @Richard_Kim
Thank you for your support.
Thanks,
Shantanu Banerjee
Hello @shantanu-banerjee,
I’m sorry but I don’t fully understand failsafe solution. You should deep dive into it by yourself.