- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
I have been using manufacturing tool with USB serial downloader to flash images on to the device. I followed AN4581 to generate the SRKs, configuring, building u-boot and finally signing the U-boot image. I was to flash the signed u-boot image, unsigned images of kernel, boot, system and recovery images. I checked the hab_status to make sure there were no events generated during boot.
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
Following the above I went on to close the device using the following commands
On i.MX 7S and i.MX 7D 0x470[25]:
fuse prog 1 3 0x2000000
After I closed the device I have NOT been unable to flash anything on the device. Here is what happens:
The manufacturing tool detects the HID complaint device when powered on.
I see some of the messages from the ucl2 script where the images get bootstraped/loaded to DDR. Manufacturing tool says "Jumping to OS image" and gets stuck. Finally here is where it breaks down.
ModuleID[2] LevelID[10]: *********MxHidDevice[02F851A8] Jump to Ramkernel successfully!**********
ModuleID[2] LevelID[10]: CmdOperation[0], current state command has been finished and the last command is successful, so SetEvent(hDevCanDeleteEvent)
ModuleID[2] LevelID[10]: CmdOperation[0] device chagned and reset to state 0
ModuleID[2] LevelID[10]: ExecuteCommand--Boot[WndIndex:0], File is C:\Users\PB00017906\Documents\CE32\mfgtool-c7ef687\Profiles\linux\OS Firmware\firmware\u-boot-imx7dce32-signed.imx
ModuleID[2] LevelID[1]: WriteReg(): Invalid write ack: 0xa223304
ModuleID[2] LevelID[1]: Failed to initialize memory!
ModuleID[2] LevelID[1]: PortMgrDlg(0)--MxHidDevice--Command Boot excute failed
ModuleID[2] LevelID[10]: CmdOperation[0], current command executed failed, so SetEvent(hDevCanDeleteEvent).
FYI, The manufacturing bootloader is also signed with the same keys.
Any help would be appreciated.
Thanks
已解决! 转到解答。
Yuri,
Thanks for the support. I am now able to sign the images and boot the manufacturing bootloader and kernel. The addresses were a little off, fixing that helped get past the problem. You can mark this as closed.
Yuri,
Thanks for the support. I am now able to sign the images and boot the manufacturing bootloader and kernel. The addresses were a little off, fixing that helped get past the problem. You can mark this as closed.
Hello,
the MFG tool should also use signed target images (U-boot, kernel)
Have a great day,
Yuri
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello Yuri,
I have signed every single image I am using, both the manufacturing bootloader, zImage, initramfs, device tree and the actual target images (uboot, partition table, boot image, recovery image and system image).
On the manufacturing tool this is what I see when it fails
"Boot" body="BootStrap" error, file="C:\Users\PB00017906\Documents\CE32\mfgtool-c7ef687\Profiles\linux\OS Firmware\firmware\u-boot-imx7dxxx-signed.imx"
which is essentially the first step in the UCL2 script
<CMD state="BootStrap" type="boot" body="BootStrap" file ="firmware/u-boot-imx7d%7duboot%%secure%.imx" ifdev="MX7D">Loading U-boot</CMD>.
I have tried this on two devices and it fails as soon as close the fuses. Hope you can throw some light.
Thanks
Praveen
Hello,
Have You followed instructions in Appendix F (i.MX manufacturing tool) in "Secure Boot on i.MX 50,
i.MX 53, i.MX 6 and i.MX 7 Series using HABv4" Application Note, Rev. 2, 05/2018 - how to use signed
images with the MFG?
https://www.nxp.com/docs/en/application-note/AN4581.pdf
Regards,
Yuri.
