Hi all,
I am working on a board with imx6dlsabresd processor and yocto 2.5 linux.
Now I am trying to implement secure boot feature for this and facing some challenges. Using the below link for implementing secure boot.
https://boundarydevices.com/high-assurance-boot-hab-dummies/
1. I am not able to activate Support i.MX HAB features feature for my u-boot and build it. It throws an error like invalid command (SECURE_BOOT). Our vendor informed me that we are missing HAB library to build this feature and need to get that from NXP. Is that correct?
2. Is the mentioned error is for missing HAB library? if yes how to get that and integrate with our BSP?
Thanks
Dipin
Hi DipinPK
one can follow uboot guidelines on:
https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4?h=imx_v2020.04_5.4.47_2.2.0
AN4581 Secure boot
www.nxp.com/docs/en/application-note/AN4581.pdf
Code Signing Tools
https://www.nxp.com/design/software/embedded-software/i-mx-software:IMX-SW
Best regards
igor
Thanks for your reply.
I tried to enable the secure boot support using below method.
1.2 Enabling the secure boot support ------------------------------------- The first step is to generate an U-Boot image supporting the HAB features mentioned above, this can be achieved by adding CONFIG_IMX_HAB to the build configuration: - Defconfig: CONFIG_IMX_HAB=y - Kconfig: ARM architecture -> Support i.MX HAB feature
But failed to build the u-boot after making configuration change.
Got an error like Invalid command (SECURE_BOOT).
Please help to build the u-boot with secure boot support enabled.
Regards
Dipin
Hi Dipin
this may depend on uboot version, as described on below patch
https://www.mail-archive.com/u-boot@lists.denx.de/msg373581.html
Best regards
igor
Hi,
My u-boot version is 2018.03
Regards
Dipin
Hi Dipin
suggest to try latest
if board is based on boundary boards, its version:
https://github.com/boundarydevices/u-boot-imx6/tree/b-imx_v2020.04_5.4.47_2.2.0
Best regards
igor
Hi
Actually we have to use the existing version of u-boot as we have custom modification in that.
So it will be great if you can suggest some way to use the existing u-boot with secure boot feature.
Regards
Dipin
Hi Dipin
suggest to test procedure on some NXP i.MX reference board with uboot from
source.codeaurora.org/external/imx repository then repeat the same steps on custom
board.
Best regards
igor
Hi,
I am able to build the u-boot with secure boot feature enabled. But the below command not showing any HAB Block details..
The below is my command for that.
./tools/mkimage -n board/freescale/mx6sabresd/mx6dl_fs053_nt5cc256m16ep-ek-RA_Ver.cfg.cfgtmp -T imximage -e 0x17800000 -d u-boot-dtb.bin u-boot-dtb.imx
and this command shows output like below.
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 663552 Bytes = 648.00 KiB = 0.63 MiB
Load Address: 177ff420
Entry Point: 17800000.
What is missing for my u-boot?
Why its not showing HAB Blocks?
Please provide your comments.
Thanks