Secure Boot with HAB: system hang during booting kernel when 'No HAB Events Found!' - iMX6UL

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure Boot with HAB: system hang during booting kernel when 'No HAB Events Found!' - iMX6UL

1,318 Views
yunyangsihai
Contributor II

Dear Community:

 

I'm testing secure boot on HABv4 with signed boot image.The system will hang or reboot during booting kernel.

(1) sometimes the system will hang as the figure-1 below.

(2) sometimes the system will reboot as the figure-2 below.

But the booting log contains “No HAB Events Found!” as shown in the figure-3 below. It means that we have got the correct signed boot image (uboot+kernel) as introduced in below documents.

The system will boot successfully when disable the CRYPTO_DEV_FSL_CAAM function in kernel. I found the "RNG trim fuses" problem in AN4581-chapter 5.6.3  , and I add the command below , but it did't work.

----------------------

[Unlock]
Engine = CAAM
Features = RNG

-----------------------

uboot and kernel csf files attached as 'u-boot_csf.txt' and 'zImage_csf.txt' .

bsp: uboot-v2015.04 + kernel-4.1.15

So, is there some bug about the HAB or CAAM ? Thanks a lot.

 《https://boundarydevices.com/high-assurance-boot-hab-dummies

AN4581 《i.MX Secure Boot on HABv4 Supported Devices》

AN12056 《Encrypted Boot on HABv4 and CAAM Enabled Devices》

AN12263 《HABv4 RVT Guidelines and Recommendations》

Code-Signing Tool-3.1.0 and documents inside this tool package.

0 Kudos
2 Replies

1,316 Views
yunyangsihai
Contributor II

figure-1.png

 figure-1

figure-2.png

figure-2

figure-3.png

figure-3 

0 Kudos

1,274 Views
Yuri
NXP Employee
NXP Employee

@yunyangsihai 
Hello,

   Please clarify the issue:
1) what is boot device ?
2) is OP-TEE used?
3) is system working with CAAM in non-secure boot mode?

Regards,
Yuri.

0 Kudos