Hi,
I used my i.MX8MQ custom board to develop secure boot by following this document [mx8m_secure_boot.txt] . After I program SEC_CONFIG[1] fuse on devices, it cannot boot up.
Is there anything wrong?
Regards,
Derek Lin
Hi
There is problem with SPL verify hash.
Have you run hab_status to verify your signing imge before close the device?
Can you share how you sign, csf files?
Regards
Harvey
Hi @Harvey021 ,
hab_status :
flash.bin build log:
print_fit_hab build log:
csf_spl.txt:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x7e0fc0 0x1a000 0x3a400 "flash.bin"
csf_fit.txt:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x401fadc0 0x057c00 0x001020 "flash.bin", \
0x40200000 0x05CC00 0x10ECB0 "flash.bin", \
0x4030ECB0 0x16B8B0 0x00DF60 "flash.bin", \
0x00910000 0x179810 0x00A0E0 "flash.bin", \
0xFE000000 0x1838F0 0x08A350 "flash.bin"
Regards,
Derek Lin
As need your PKI, and signing images ...etc. Will send you email.
Regards
Harvey