Hi,
I have noticed that the RT1021 hangs when the plugin tries to write to the plugin api arguments (start, bytes, ivt_offset) if authentication fails, when the HAB closed fuse (SEC_CONFIG ) has not been blown - i.e. HAB configuration is 'open'.
I have blown the SRK_HASH fuses and can create a signed version of the plugin and app. When both are signed the plugin runs ok, copies the app to sdram, sets the plugin api arguments and returns back to the ROM. The ROM then runs the app. This all works fine when signed. When unsigned the boot plugin still runs, but as soon as it tries to set the api arguments, before returning, the RT1021 seems to hang. It has not reached the return. It is the setting of the arguments that is the problem. The copy to sdram works fine.
I can understand this behaviour if the RT1021 is HAB closed (SEC_CONFIG[1] set to 1). According to the documentation, the HAB should not prevent execution if SEC_CONFIG[1] is 0
So why is this happening when the HAB configuration is open?
See:
Document: i.MX RT1020 Processor Reference Manual, Rev. 2, 01/2021
Section 9.2 Overview:
"The out-of-fab setting for the SEC_CONFIG is the open configuration, in which the ROM/HAB performs the image authentication, but all authentication errors are ignored and the image is still allowed to execute."
Section: 9.8 Plugin image
typedef BOOLEAN (*plugin_download_f)(void **start, size_t *bytes, UINT32 *ivt_offset);
ARGUMENTS PASSED:
start - the image load address on exit.
bytes - the image size on exit.
ivt_offset - the offset (in bytes) of the IVT from the image start address on exit.
RETURN VALUE:
1 - success
0 - failure
Plugin snippet:
*start = APP_BINARY_DESTINATION_ADDRESS;
*bytes = APP_BINARY_SIZE;
*ivt_offset = 0x1000;
return 1;
Kind regards,
Ronnie
