Hello Guys,
I have been successful with getting the signed u-boot working. I want to get the same with zImage running. I have signed the zImage according to the following procedure:
1. Pad the original zImage to 0x1000 (4kBytes) -> zImage-padded
2. Create an IVT table and add it to the zImage -> zImage-padded-ivt
3. Generate the Signature for the above and attach it -> zImage-padded-ivt-csf
4. Pad the above image -> zImage-padded-ivt-csf-padded
This final zImage runs without any problem. But I see no HAB events at all for the zImage. I made changes to my u-boot cmd_bootm.c file at the function bootz_start
#ifdef CONFIG_SECURE_BOOT
extern uint32_t authenticate_image(
uint32_t ddr_start, uint32_t image_size);
if (authenticate_image(images->ep, zi_end - zi_start) == 0) {
printf("Authenticate zImage Fail, Please check\n");
return 1;
}
#endif
I also added caam to the kernel parameters but still I dont see any HAB events for zImage
So, I would like to know if there are any missing parameters at kernel or u-boot level or any u-boot settings that enables the authentication of zImage before loading?
Greets,
Satya
