Dear Community:
I'm testing secure boot on HABv4 with signed boot image.The system will hang or reboot during booting kernel.
(1) sometimes the system will hang as the figure-1 below.
(2) sometimes the system will reboot as the figure-2 below.
But the booting log contains “No HAB Events Found!” as shown in the figure-3 below. It means that we have got the correct signed boot image (uboot+kernel) as introduced in below documents.
The system will boot successfully when disable the CRYPTO_DEV_FSL_CAAM function in kernel. I found the "RNG trim fuses" problem in AN4581-chapter 5.6.3 , and I add the command below , but it did't work.
----------------------
[Unlock]
Engine = CAAM
Features = RNG
-----------------------
uboot and kernel csf files attached as 'u-boot_csf.txt' and 'zImage_csf.txt' .
bsp: uboot-v2015.04 + kernel-4.1.15
So, is there some bug about the HAB or CAAM ? Thanks a lot.
《https://boundarydevices.com/high-assurance-boot-hab-dummies》
AN4581 《i.MX Secure Boot on HABv4 Supported Devices》
AN12056 《Encrypted Boot on HABv4 and CAAM Enabled Devices》
AN12263 《HABv4 RVT Guidelines and Recommendations》
Code-Signing Tool-3.1.0 and documents inside this tool package.
figure-1
figure-2
figure-3
@yunyangsihai
Hello,
Please clarify the issue:
1) what is boot device ?
2) is OP-TEE used?
3) is system working with CAAM in non-secure boot mode?
Regards,
Yuri.