Problems with HAB and SDP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problems with HAB and SDP

1,970 Views
toddgoodman
Contributor II

Hi,

I'm trying to use an i.MX 6 with Serial Download Protocol with our own manufacturing tool running on Linux (similarly to how the Freescale mfgtool v2.0.8 works) to download a manufacturing u-boot.bin and uImage to bootstrap a newly manufactured board.

Without attempting to use HAB everything is fine and works as expected.

When signing our shipping u-boot.bin which is loaded by the boot ROM from eMMC then it all works as expected as well.

However, when using our manufacturing u-boot.bin which is loaded via SDP, I always get an "Invalid IVT" failure from the HAB ROM (see below for actual events.)

If I try to do the same via the Freescale mfgtool I get the same errors.

I've read the HAB4 API RM, AN4581.pdf, the HAB Code Signing Tool User Guide, and all the discussions I could find here.

Our linux tool speaks to the i.MX 6 and uses the SDP DCD_WRITE command to write the DCD to 0x910000 first, then it uses the SDP command WRITE_FILE to write u-boot.bin to 0x27800000 (with the DCD pointer in the IVT zeroed so the i.MX 6 doesn't attempt to rerun the DCD commands.)

The  IVT and Boot Data are as follows:

    IVT:

        Header: 402000D1 (tag D1, len 32, version 40)

        Entry: 278006E0, DCD: 2780042C, Boot Data: 27800420

        Self: 27800400, CSF: 27829000

    Boot Data:

        Start: 27800000, Length: 177664, Plugin: 00000000

The CSF is:

[Header]

Version = 4.1

Hash Algorithm = sha256

Engine Configuration = 0

Certificate Format = X509

Signature Format = CMS

[Install SRK]

File = "../crts/SRK_1_2_3_4_table.bin"

Source index = 0

[Install CSFK]

File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]

Engine = CAAM

Features = RNG

[Install Key]

Verification index = 0

Target index = 2

File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# length = 0x27000 (padded u-boot length) - 0x400 (IVT offset) = 0x26C00

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

# Image block start address on i.MX, Offset from start of image file,

# Length of block in bytes, image data file

[Authenticate Data]

Verification index = 2

Blocks = 0x00910000 0x0000042C 0x000002B0 "u-boot-mfg.pad"

[Authenticate Data]

Verification index = 2

Blocks = 0x27800000 0x400 0x00029000 "u-boot-mfg.pad"

And the HAB events are (our u-boot interprets the events:)

HAB Configuration: Open (0xf0) HAB State: Nonsecure (0x66)

--------- HAB Event 1 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00

Status: Failed (33), Reason: Invalid IVT (05)

Context: authenticate_image() (0A), Engine: Any (00)

--------- HAB Event 2 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

--------- HAB Event 3 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

--------- HAB Event 4 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

--------- HAB Event 5 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x00

        0x00 0x00 0x00 0x20

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

--------- HAB Event 6 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x27 0x80 0x06 0xe0

        0x00 0x00 0x00 0x04

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

--------- HAB Event 7 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00

        0x00 0x00 0x02 0xb0

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

How is the SDP Boot ROM code locating the IVT? 

Does it look at offset 0x400 from the address the WRITE_FILE command loads the u-boot.bin to?

Thank you,

Todd

Labels (2)
5 Replies

1,069 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Please check if U-boot for MFG was prepared correctly, as recommended in

recent AN4581 release (Rev. 1, 10/2015), Appendix E (Freescale manufacturing tool)

http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

1,069 Views
toddgoodman
Contributor II

Yes it was prepared as described in Appendix E of AN4581.

0 Kudos

1,069 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Please look at the following https://community.nxp.com/thread/382754 

Regards,

Yuri.

0 Kudos

1,069 Views
jubr
Contributor I

We have this same issue on an i.MX6 SoloX. Any update on this?

0 Kudos

1,069 Views
Yuri
NXP Employee
NXP Employee

Please look at the following https://community.nxp.com/thread/382754 

~Yuri.

0 Kudos