[Urgent] HAB Secure Boot - weird behavior

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Urgent] HAB Secure Boot - weird behavior

471 Views
aleksandar_niko
Contributor III

Hello Experts,

I have a super weird problem with the HAB secure boot on my imx8m nano, please do not tell to me evalulate the HAB events as it is really weird and I need some pointers to solve my problem :).

In most cases it works without any issues, however sometimes I am getting HAB events (listed below) for the flash.bin. The only difference is the U-Boot source code - in the case with HAB events the binary is for 72 bytes smaller than in the good case (no HAB events). We also added dummy functions to the U-Boot and it works, so I guess there are some very special cases when the Secure Boot does not work.

CSF Files

Good case (no HAB events)

0x401fcdc0 0x58000 0x1020
0x40200000 0x5B000 0xC04D0   // uboot
0x402C04D0 0x11B4D0 0x914E   // uboot dtb
0x960000 0x124620 0xA0D0     // tfa

Bad case (HAB events present)

0x401fcdc0 0x58000 0x1020
0x40200000 0x5B000 0xC0488    // uboot
0x402C0488 0x11B488 0x914E    // uboot dtb
0x960000 0x1245D8 0xA0D0      // tfa

 

As you can see in the good case the U-Boot binary is of size 0xC04D0, in the bad case is of size 0xC0488, and that is the only difference.

 

Magic Number (hexdump)

Good case (no HAB events)

0058000 0dd0 edfe 0000 6f03 0000 3800 0000 fc02
011b480 0dd0 edfe 0000 4e91 0000 3800 0000 2886

 

Bad case (HAB events present)

0058000 0dd0 edfe 0000 6f03 0000 3800 0000 fc02
011b780 71e0 4028 0000 0000 0dd0 edfe 0000 4e91

Please note the magic number again:

0058000 0dd0 edfe 0000 6f03 0000 3800 0000 fc02

011b780 71e0 4028 0000 0000 0dd0 edfe 0000 4e91

 

HAB events

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x34 0x45 0x33 0x18 0xc0 0x00
        0xca 0x00 0x2c 0x00 0x02 0xc5 0x1d 0x00
        0x00 0x00 0x09 0xf4 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
        0x00 0x0c 0x07 0x88 0x40 0x2c 0x07 0x88
        0x00 0x00 0x91 0x4e 0x00 0x96 0x00 0x00
        0x00 0x00 0xa0 0xd0

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

 

Any help is highly appreciated.

 

Regards,

Aleksandar

Labels (1)
0 Kudos
Reply
1 Reply

455 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Which version of U-boot you are using?

0 Kudos
Reply