Secure boot imx6sx

naveenprasath_0 · ‎12-09-2020

We are implementing secure boot in imx6sx . We have signed the uboot image with csf file and hab blocks have been mentioned properly as per uboot image log file and the uboot image has been booting properly.

But the hab_status command produces the following event,

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x24 0x42 0x69 0x30 0xe1 0x1d
0x00 0x08 0x00 0x02 0x40 0x00 0x36 0x06
0x55 0x55 0x00 0x03 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x01

STS = HAB_WARNING (0x69)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_ENTRY (0xE1)
ENG = HAB_ENG_CAAM (0x1D)

=>

Can you please help to resolve this event?

igorpadykov · ‎12-10-2020

Hi naveenprasath_0

events are related to issue with the RNG self test in HAB, details can be found

in sect.5.6.3 RNG AN4581 i.MX Secure Boot on HABv4 Supported Devices

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Best regards
igor

naveenprasath_0 · ‎12-20-2020

As per the document we have added

[Unlock]

Engine = CAAM

Features = RNG

in the uboot CSF file and signed the uboot image

now also we are getting this event

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 ----------------- event data:

0xdb 0x00 0x24 0x42 0x69 0x30 0xe1 0x1d 0x00 0x08 0x00 0x02 0x40 0x00 0x36 0x06 0x55 0x55 0x00 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x01 STS = HAB_WARNING (0x69) RSN

= HAB_ENG_FAIL (0x30)

CTX = HAB_CTX_ENTRY (0xE1)

ENG = HAB_ENG_CAAM (0x1D) =>

Secure boot imx6sx

Secure boot imx6sx

i.MX6SoloX