Problem enabling Secure Boot On iMX6 Solo

vishnu_motghare · ‎09-29-2022

I'm trying to enable a secure boot on iMX6 Solo. I'm using U-Boot 2019.07. I've followed the steps mentioned in the docs "/u-boot/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt"

I've created the key using CST tools 3.3.1 (with my own serial and pass_key.txt files)

I've used the following settings to generate the PKI keys

./hab4_pki_tree.sh (n,2048,10,y)

Following is my .csf file

[Header]
    Version = 4.1
    Hash Algorithm = sha256
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS
    Engine = ANY

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "./SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target Index = 2
    # Key to install
    File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks =  0x177ff400 0x00000000 0x00056c00 "u-boot.imx"

I've burned the fuses & copied the image using uuu over USB serial downloader. When I check the "hab_status" I get the following events

U-Boot > hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
        0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
        0x00 0x00 0x02 0x70

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

I've checked the "HAB4_API.pdf" for meanings of events but was not been able to figure out the reason for failure. Any help is appreciated

Harvey021 · ‎10-04-2022

Hi @vishnu_motghare

Can you please double check u-boot.imx IVT structure to ensure the start address and length for boot image.

 # Authenticate Start Address, Offset, Length and file
    Blocks =  0x177ff400 0x00000000 0x00056c00 "u-boot.imx"

And, have you enabled secure boot support in your uboot?

Best regards

Harvey

Problem enabling Secure Boot On iMX6 Solo

Problem enabling Secure Boot On iMX6 Solo

i.MX6SoloX

Linux