Hi,
I'm trying to use an i.MX 6 with Serial Download Protocol with our own manufacturing tool running on Linux (similarly to how the Freescale mfgtool v2.0.8 works) to download a manufacturing u-boot.bin and uImage to bootstrap a newly manufactured board.
Without attempting to use HAB everything is fine and works as expected.
When signing our shipping u-boot.bin which is loaded by the boot ROM from eMMC then it all works as expected as well.
However, when using our manufacturing u-boot.bin which is loaded via SDP, I always get an "Invalid IVT" failure from the HAB ROM (see below for actual events.)
If I try to do the same via the Freescale mfgtool I get the same errors.
I've read the HAB4 API RM, AN4581.pdf, the HAB Code Signing Tool User Guide, and all the discussions I could find here.
Our linux tool speaks to the i.MX 6 and uses the SDP DCD_WRITE command to write the DCD to 0x910000 first, then it uses the SDP command WRITE_FILE to write u-boot.bin to 0x27800000 (with the DCD pointer in the IVT zeroed so the i.MX 6 doesn't attempt to rerun the DCD commands.)
The IVT and Boot Data are as follows:
IVT:
Header: 402000D1 (tag D1, len 32, version 40)
Entry: 278006E0, DCD: 2780042C, Boot Data: 27800420
Self: 27800400, CSF: 27829000
Boot Data:
Start: 27800000, Length: 177664, Plugin: 00000000
The CSF is:
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
Engine = CAAM
Features = RNG
[Install Key]
Verification index = 0
Target index = 2
File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
# Sign padded u-boot starting at the IVT through to the end with
# length = 0x27000 (padded u-boot length) - 0x400 (IVT offset) = 0x26C00
# This covers the essential parts: IVT, boot data and DCD.
# Blocks have the following definition:
# Image block start address on i.MX, Offset from start of image file,
# Length of block in bytes, image data file
[Authenticate Data]
Verification index = 2
Blocks = 0x00910000 0x0000042C 0x000002B0 "u-boot-mfg.pad"
[Authenticate Data]
Verification index = 2
Blocks = 0x27800000 0x400 0x00029000 "u-boot-mfg.pad"
And the HAB events are (our u-boot interprets the events:)
HAB Configuration: Open (0xf0) HAB State: Nonsecure (0x66)
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00
Status: Failed (33), Reason: Invalid IVT (05)
Context: authenticate_image() (0A), Engine: Any (00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00
Status: Failed (33), Reason: Invalid Address (22)
Context: authenticate_image() (0A), Engine: Any (00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00
Status: Failed (33), Reason: Invalid Address (22)
Context: authenticate_image() (0A), Engine: Any (00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00
Status: Failed (33), Reason: Invalid Address (22)
Context: authenticate_image() (0A), Engine: Any (00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x00
0x00 0x00 0x00 0x20
Status: Failed (33), Reason: Invalid Assertion (0C)
Context: assert() (A0), Engine: Any (00)
--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x27 0x80 0x06 0xe0
0x00 0x00 0x00 0x04
Status: Failed (33), Reason: Invalid Assertion (0C)
Context: assert() (A0), Engine: Any (00)
--------- HAB Event 7 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00
0x00 0x00 0x02 0xb0
Status: Failed (33), Reason: Invalid Assertion (0C)
Context: assert() (A0), Engine: Any (00)
How is the SDP Boot ROM code locating the IVT?
Does it look at offset 0x400 from the address the WRITE_FILE command loads the u-boot.bin to?
Thank you,
Todd
Hello,
Please check if U-boot for MFG was prepared correctly, as recommended in
recent AN4581 release (Rev. 1, 10/2015), Appendix E (Freescale manufacturing tool)
http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
Have a great day,
Yuri
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Yes it was prepared as described in Appendix E of AN4581.
We have this same issue on an i.MX6 SoloX. Any update on this?
Please look at the following https://community.nxp.com/thread/382754
~Yuri.