- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Request for signing barebox on phytec phycore imx6 card
Request for signing barebox on phytec phycore imx6 card
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Request for signing barebox on phytec phycore imx6 card
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Community,
I am working on implementing secure boot on an imx6 phytec phycore card.
I used cst 3.3.0 to generate keys.
Then I created a signature for my barebox boatloder using the cst tool.
I concatenated the signature to the barebox image to create a signed barebox.
When I flash the barebox, I get these HAB events :
I can’t understand what is missing in my signed image ( maybe it is missing a padding)
Can I one who is fimiliar with signing barebox help me to figure out what is missing .
I would really appreciate some help , I have been blocked on this for several days now.
! with The version of barebox that I have barebox can’t sign it self.
I tried configuring the hab configurations
I even tried calling the imx-image script But I didn’t have any luck.
HABv4: Status: Operation failed (0x33)
HABv4: Config: Non-secure IC (0xf0)
HABv4: State: Non-secure state (0x66)
HABv4: -------- HAB Event 0 --------
HABv4: event data:
HABv4: db 00 08 41 33 22 0a 00
HABv4: Status: Operation failed (0x33)
HABv4: Reason: Invalid address: access denied (0x22)
HABv4: Context: Logged in hab_rvt.authenticate_image() (0x0a)
HABv4: Engine: Select first compatible engine (0x00)
HABv4: -------- HAB Event 1 --------
HABv4: event data:
HABv4: db 00 14 41 33 0c a0 00
HABv4: 00 00 00 00 10 00 04 00
HABv4: 00 00 00 20
HABv4: Status: Operation failed (0x33)
HABv4: Reason: Invalid assertion (0x0c)
HABv4: Context: Event logged in hab_rvt.assert() (0xa0)
HABv4: Engine: Select first compatible engine (0x00)
HABv4: -------- HAB Event 2 --------
HABv4: event data:
HABv4: db 00 14 41 33 0c a0 00
HABv4: 00 00 00 00 10 00 04 2c
HABv4: 00 00 03 00
HABv4: Status: Operation failed (0x33)
HABv4: Reason: Invalid assertion (0x0c)
HABv4: Context: Event logged in hab_rvt.assert() (0xa0)
HABv4: Engine: Select first compatible engine (0x00)
HABv4: -------- HAB Event 3 --------
HABv4: event data:
HABv4: db 00 14 41 33 0c a0 00
HABv4: 00 00 00 00 10 00 04 20
HABv4: 00 00 00 01
HABv4: Status: Operation failed (0x33)
HABv4: Reason: Invalid assertion (0x0c)
HABv4: Context: Event logged in hab_rvt.assert() (0xa0)
HABv4: Engine: Select first compatible engine (0x00)
HABv4: -------- HAB Event 4 --------
HABv4: event data:
HABv4: db 00 14 41 33 0c a0 00
HABv4: 00 00 00 00 10 00 10 00
HABv4: 00 00 00 04
HABv4: Status: Operation failed (0x33)
HABv4: Reason: Invalid assertion (0x0c)
HABv4: Context: Event logged in hab_rvt.assert() (0xa0)
HABv4: Engine: Select first compatible engine (0x00)
I used this csf file to sign barebox :
[Header]Version = 4.2Hash Algorithm = sha256Engine Configuration = 0Certificate Format = X509Signature Format = CMSEngine = CAAM
[Install SRK]File = "../crts/SRK_1_2_3_4_table.bin"Source index = 0
[Install CSFK]File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]Engine = CAAMFeatures = RNG
[Install Key]
Verification index = 0Target index = 2File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2Blocks = 0x000 0x000 0x87EE6 "barebox-phytec-phycore-imx6q-som-nand-1gib.img"
Bio_TICFSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Maybe someone of @phytec could help.
Regards
