- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
[URGENT] What prints could possibly come when HAB closed mode is triggered?
Hi all,
As part of my current task, I have enabled HAB(OPEN mode) and make my images signed. I have followed the below document.
1) i.MX 6 Linux High Assurance Boot (HAB) User's Guide, Rev L3.10.17_1.0.0-ga, 05/2014
NOTE: The steps and reference that I have followed is mentioned earlier in the following thread.
Need to know how to implement HAB with Yocto BSP (Kernel 3.10.17)
I have followed all the steps that are given in the document till 18th step and in 18th step, I fused the SRK values. I didn't perform OTPMK, RNG_TRIM and SEC_CONFIG settings here.
In OPEN mode configuration I can able to get the below prints while booting.
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Once, I got the above message (this means no error), I started proceeding with the further pending steps in 18th. Since, OTPMK is factory burned, I didn't do this one.
I have Turn on RNG_TRIM by echo 0x00040000 > HW_OCOTP_MEM0 and Put SEC_CONFIG to close (turn on chip security) by echo 0x2 > HW_OCOTP_CFG5.
After that, when I reboot my system, nothing(no prints) is coming on the console! As from the document if something happened, then HAB events should come. Then why I'm not getting nothing on the console (is my processor bricked)? According to the document, these 2 steps can be done once we get "No HAB Events Found!" message in OPEN mode.
Could anyone help me to understand what exactly happened here from OPEN mode working case to CLOSE mode non working?
Thank you in advance,
Ajith P V
Hello,
The print messages are provided by U-boot ; it is running
in open configuration. In closed one, if some security check
has not been passed U-boot does not start and there are no
messages. Please take a look at section 7.1 (SRK Authentication
for i.MX 6 Series in Open Configuration) of the app note AN4581.
It makes sense to check the fuses.
AN4581 "Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4".
http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
Have a great day,
Yuri
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi,
Thank you for your response. I have gone through the AN4581 document.
According to the AN4581 :
“However, for i.MX 6 Series in Open configuration, the HAB always skips the verification of the SRK table, regardless of whether the SRK fuse field has been provisioned or not.”
Whether this statement means that, even though "no HAB event" came in open configuration, I couldn't able to confirm it is OK?
How should I make sure everything is perfect in Open configuration and can go to close configuration then?
How I can check the SRK fuses? Using "ls | grep "SRK.$" | xargs cat " command?
I would like to tell you that, I already perform close mode and now what I can do on that?
Thank you in advance,
Ajith P V
