- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Re: Should auth_cntr provide a return value?
Should auth_cntr provide a return value?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using an i.mx93 in OEM_Open mode, I was validating the detection of invalidly signed containers.
The code in u-boot for "\include\configs\imx93_evk.h" implies that the auth_cntr returns a value which could be used in an "if statement" in the environment.
"auth_os=auth_cntr ${cntr_addr}\0" \
"mmcboot=echo Booting from mmc ...; " \
"run mmcargs; " \
"if test ${sec_boot} = yes; then " \
"if run auth_os; then " \
"run boot_os; " \
"else " \
"echo ERR: failed to authenticate; " \
"fi; " \
....The check "if run auth_os; then" gives the impression that the success of the container validation is available as a return value.
However testing shows that the result is always "0", for both a valid and invalid signed container. The ahab_status command does report errors after validating the invalid signed container.
Is this expected behavior for an OEM_Open device ? Or is the imx93_evk.h file implying something that is not there ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems the result value only reports something about the execution of the auth_cntr command and not if the container itself is authentic.
For OEM_Open scenarios this might result in the "run boot_os" to be executed even when the container is not authentic.
For OEM_Closed scenarios, the call to auth_cntr will result in an immediate reboot, so the if statement will never be completed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems the result value only reports something about the execution of the auth_cntr command and not if the container itself is authentic.
For OEM_Open scenarios this might result in the "run boot_os" to be executed even when the container is not authentic.
For OEM_Closed scenarios, the call to auth_cntr will result in an immediate reboot, so the if statement will never be completed.
Harvey021
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The auth_os verifies the container which is built with kernel and DTB. The ahab_status just reports what was verified.
Which version of BSP are you testing and what AHAB events?
Best regards
Harvey
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am running a yocto scarthgap based image on an i.MX93 based board, running a rather old 2022.04 u-boot (at the moment).
The idea was to have a number of ahab containers:
- 1st container: ELE, DDR FW, SPL
- 2nd container: ATF, OP-TEE, U-Boot
- 3rd container: Kernel
- 4th container: dtb
- ....nth
All containers are verified via the chain of trust, starting with ROM verifying the 1st, SPL the 2nd, u-boot the 3rd, 4th and possibly additional containers.
To verify the 3rd and 4th container in u-boot, I use the auth_cntr command and it provides info via ahab_status on the result. However the idea was to add this to a bootcmd, allowing each container to be validated and stopping or moving to a recovery mode on failure.
So the question I have is, how can I use the auth_cntr in an automated/scripted implementation? Or is adding these steps/verifications in the code itself and calling a custom command to handle these checks more suitable/normal practice?
Harvey021
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hope that the section <10.9 Security reference design> of the guide may help for you.
Regards
Harvey
