Signing Code Downloadable with Manufacturing Tool(HAB)

cancel
Showing results for 
Search instead for 
Did you mean: 

Signing Code Downloadable with Manufacturing Tool(HAB)

1,194 Views
Contributor I

Hello all.

NOW I came across a problem with SECURE BOOT(HAB)  on I.MX6S.

I've followed through the AN4581("Signing Code Downloadable with Manufacturing Tool").but i met HAB Event unfortunately.witch as follow.

Out:   serial

Err:   serial

Checking HAB_status

HAB Configuration: 0xf0  HAB State: 0x66

--------- HAB Event 1 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

--------- HAB Event 2 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

--------- HAB Event 3 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

--------- HAB Event 4 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x27 0x80 0x07 0x00

    0x00 0x00 0x00 0x20

--------- HAB Event 5 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x27 0x80 0x07 0x20

    0x00 0x00 0x00 0x04

--------- HAB Event 6 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00

    0x00 0x00 0x02 0xe0

Net:   got MAC address from IIM: 00:01:02:03:04:05

FEC0 [PRIME]

..main_loop

------------------------------------------------------------------------------------------------------

My u-boot.csf file comes bellow:

-----------------------------------------------------------------------------------------------------

[Header]

  Version = 4.0

  Security Configuration = Open

  Hash Algorithm = sha256

  Engine Configuration = 0

  Certificate Format = X509

  Signature Format = CMS

[Install SRK]

  File = "../crts/SRK_1_2_3_4_table.bin"

  Source index = 0

[Install CSFK]

  File = "../crts/CSF1_1_sha256_1024_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]

  Verification index = 0

  Target index = 2

  File = "../crts/IMG1_1_sha256_1024_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# length = 0x2F000 (padded u-boot length) - 0x400 (IVT offset) = 0x2EC00

# Note: 0x2F000 may be different depending on the size of U-Boot

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

# Image block start address on i.MX, Offset from start of image file,

# Length of block in bytes, image data file

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin",\

    0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

---------------------------------------------------------------------------------------------------

10432_10432.jpgQQ图片20140322124824.jpg

The pic above is the IVT get from u-boot-signed-pad.bin.

--------------------------------------------------------------------------------------------------

Can anyone help me with this.TKS.

Another question is HOW does CST TOOL deal with [Authenticate Data],what's the difference between these below:

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin",\

               0x00910000 0x42C 0x2E0 "u-boot-pad.bin"  

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x00910000 0x42C 0x2E0 "u-boot-pad.bin",\

               0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

[Authenticate Data]

  Verification index = 2

  Blocks =  0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

does 0x00910000 is the right address for I.mx6?

THANKS VERY MUCH!

0 Kudos
1 Reply

6 Views
NXP TechSupport
NXP TechSupport

According to Appendix A of the HAB4 API Reference Manual, included in the CST release,

the HAB event occur because of invalid address (access denied).

Also : the HAB API checks that all of the following data have been authenticated
(using their final locations):

IVT

DCD (if provided);

Boot Data (initial byte if provided);

Entry point (initial word).

Please check if each of the above data components is covered by a valid signature.

Next, the following links may be useful :

https://community.freescale.com/docs/DOC-94864

https://community.freescale.com/docs/DOC-96451


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos