- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Secure boot on iMX8MM using HABv4
Secure boot on iMX8MM using HABv4
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Secure boot on iMX8MM using HABv4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are using iMX8MM board and trying to achieve Secure boot through HAB4.
Here is my flash.bin build log:
$ make SOC=iMX8MM flash_sx8m_flexspi
./mkimage_imx8 -version v1 -dev flexspi -fit -loader u-boot-spl-ddr.bin 0x7E2000 -second_loader u-boot-sx8m.itb 0x40200000 0x60000 -out flash.bin
Platform: i.MX8M (mScale)
ROM VERSION: v1
BOOT DEVICE: flexspi
Using FIT image
LOADER IMAGE: u-boot-spl-ddr.bin start addr: 0x007e2000
SECOND LOADER IMAGE: u-boot-sx8m.itb start addr: 0x40200000 offset: 0x00060000
Output: flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 0xd1
header.length: 0x2000
header.version: 0x41
entry: 0x7e2000
reserved1: 0x5f000
dcd_ptr: 0x0
boot_data_ptr: 0x7e1fe0
self: 0x7e1fc0
csf: 0x80d9c0
reserved2: 0x0
boot_data.start: 0x7e0fc0
boot_data.size: 0x2ea00
boot_data.plugin: 0x0
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x1000
dcd_off 0x1000
image_off 0x1040
csf_off 0x2ca00
spl hab block: 0x7e1fc0 0x1000 0x2ba00
Second Loader IMAGE:
sld_header_off 0x60000
sld_csf_off 0x61020
sld hab block: 0x401fcdc0 0x60000 0x1020
./../scripts/fspi_packer.sh ../scripts/fspi_header 0
0+1 records in
0+1 records out
512 bytes copied, 0.00017218 s, 3.0 MB/s
1803+1 records in
1803+1 records out
1846768 bytes (1.8 MB, 1.8 MiB) copied, 0.014392 s, 128 MB/s
1+0 records in
1+0 records out
512 bytes copied, 0.000259238 s, 2.0 MB/s
F(Q)SPI IMAGE PACKED
And here is my print_fit_hab_flexspi log:
$ make SOC=iMX8MM print_fit_hab_flexspi
./../scripts/pad_image.sh bl31.bin
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 BOOT_DEV="flexspi" ./print_fit_hab.sh 0x60000 imx8mm-cgtsx8m.dtb
0x40200000 0x63000 0x14E348
0x920000 0x1B1348 0xA1D8
0x4034E348 0x1BB520 0x8915
I have attached the csf_spl.txt and csf_fit.txt files.
I am able to generate csf_spl.bn using Code signing Tool (cst-3.1.0) with the same csf_spl.txt file. But, when I try to generate csf_fit.bin,I get the following error:
Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData
I came across similar questions on the forum where people suggested to pass "VERSION=v1" parameter to print_fit_hab, but that doesnt make any difference in the output for me (which makes perfect sense when I looked into the print_fit_hab.sh file. "VERSION=v1" changes "ivt_off" variable in the file. but the variable is not used when "BOOT_DEV" is "felxspi", which is my case).
Hence, this solution does not work for me.
Please help in this regard
Thank you
Sanath
Harvey021
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @_sanath_
I'm not sure what the target is you are building.
You can try to compare the actual size of these images with those in your csf. seem that signature length is larger than the actual file。
Best regards
Harvey
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Harvey021
1. We want to have the u-boot in FlexSPI, hence building u-boot for the same. I have attached the soc.mak and print_fit_hab.sh for reference.
2. I did compare the sizes of the images and they are all matching.
One observation is that, if I exclude the .dtb image from the Authenticate data block ( I have attached the modified "csf_fit.txt" file for reference), I am able to generate the csf_fit.bin.
But the size of dtb mentioned in the csf file is same as the actual size of dtb.
