We're trying to implement secure boot through HAB here. We have signed the SPL/U-boot image through cst and burnt the fuses corresponding to the public key. Now when testing for HAB events with the u-boot command 'hab_status' it displays the following:
u-boot=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
Missing in the output is the print 'No HAB Events Found!', but no HAB events are obviously displayed either.
Further debugging shows that the u-boot function 'hab_rvt_report_status()' returns HAB_WARNING (0x69).
So question is, what does this error/warning indicate, what might be wrong with our setup?
BR, Olle
Hi Olle
seems it is described in RNG-self-test-patch on
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi Igor,
Do I understand it correctly that this is a bug in boot ROM and not caused by our setup?
The patch mentions iMX6, but it affects iMX8 also?
/Olle
Hi Olle
yes this is correct understanding.
iMX8 are not affected.
Best regards
igor
Hi Igor,
We're on iMX8M so then this patch is irrelevant for our potential error I guess.
Any other idea what might be causing the warning from hab_rvt_report_status()?
Is it a problem or can it be ignored, that is - if we close the device will it still boot?
BR,
Olle
Hi Olle
sorry I missed that it is i.MX8M.
Is there any plan for when secure boot will be officially supported by NXP?
BR, Olle
Hi Olle
I think such app note will be published, unfortunately I am not aware of date.
Best regards
igor
Hi,
I just found this thread while working on secure boot for imx8m evkb board.
Is secure boot supposed to be supported now ? If it is, could you please let met know the version of the BSP to use in this case. (I am trying to use it but I without success for now and looking at the code in U-Boot / ATF, I have the feeling that it is not fully supported yet but maybe I am not using the correct version of the BSP).
Best regards,