Hi NXP team,
I am currently working on enabling secure boot support in the imx6ul based custom board. I have read all the documents regarding secure boot support in imx6ul like. (AN4581.pdf, HAB4_API.pdf, HABCST_UG.pdf, and MX6UL Secure Boot DOC-333674.pdf, etc.).
I didn't get below two documents as those are mentioned in "MX6UL Secure Boot DOC-333674.pdf" for steps to enable HAB and verify the function, You can share those documents as we have NDA.
https://community.freescale.com/docs/DOC-96451
https://community.freescale.com/docs/DOC-275249
I have followed the below steps as per documents but not able to get any success. Please help me to figure out the root cause.
=> fuse read 3 0 8
Reading bank 3:
Word 0x00000000: fea39d1c 80ea23e4 630f3e1e 6ecfc2e4
Word 0x00000004: cc8479a6 0a964111 239a0e94 ecd0c737
u-boot-imx-2017.03-r0 do_compile: ./tools/mkimage -n board/freescale/centauri/imximage.cfg.cfgtmp -T imximage -e 0x87800000 -d u-boot.bin u-boot.imx
u-boot-imx-2017.03-r0 do_compile: Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 466944 Bytes = 456.00 KiB = 0.45 MiB
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 877ff400 00000000 0006dc00
DCD Blocks: 00910000 0000002c 000001e8
Is my understanding of the padding is correct? and is I have used proper padding for my u-boot image?
You can find my u-boot.imx, u-boot-csf.bin, mod_4_mfgtool.sh,u-boot-sec-pad.imx and mfg tool script in
attachment.
5. I got below status using the hab_status command, I have tried differnt way to fix it out but not able to fix it. So please let me know what is missing in setps for secure boot.
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x0d 0x44 0x87 0x7f 0xf4 0x00
0x00 0x06 0xdc 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe8
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
I have some more queries as below, so please resolve these queries.
Please Note: I just want to authenticate my u-boot image only, not kernel. So I am using only signed u-boot image and want to get no HAB events found using hab_status command. I don't want an encrypted secure boot for this secure boot.
已解决! 转到解答。
Hi prabhunath
additional documents were sent via mail.
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi prabhunath
additional documents were sent via mail.
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
After a long time, I'm looking back at my query here. As my HAB implementation is done now. I'm replying to my old question myself to share documents that I obtained from various sources to someone who is struggling on this. Please keep in mind that the NXP docs for HAB are not very well documented so implementation took lots of time and effort. It has lots of variables to take care.. so my suggestion is to, read the documents very carefully. Also there are docs provided with CST package, so read those first.
Hi Nxp team,
I am waiting for your response so please resolve my above queries.
prabhunath.gupt@volansystech.com We're also facing the similar kind of issue now, so can you help us now?