I have a Variscite VAR-SOM-MX8MM and a VAR-DART-MX8MP. I'm trying to get hab_auth_img to work. I don't have authenticated boot working either, but I figured just authenticating an image should be simpler. I have cst-3.1.0 plus the scripts from https://github.com/varigit/var-hab-cst-scripts.git. I've programmed the SRK fuse bits (not entirely sure if I wrote the correct bits in the imx8mp because I don't have all the docs yet, I assumed they were in the same location as the imx8mm). I can get hab_auth_img to run without IVT errors, but all it does is print the HAB log, and it's the same as running hab_status immediately after boot. Do I need to make authenticated boot work to run hab_auth_img? Also, hab_auth_img returns true, even when I deliberately make it fail with bad parameters.
Examples are from the imx8mm. I'm signing a u-boot image just as an example, normally it would be the kernel. If this only works with kernels for some reason, please correct me.
$ LOADADDR=0x40480000 ./var-sign_image.sh ../../u-boot.img
Input image: ../../u-boot.img
Extend ../../u-boot.img from 0xa6ba0 to 0xa7000...
Generate IVT
Attach IVT to output image: ../../u-boot.img-ivt
Generate csf data...
CSF Processed successfully and signed data available in ../../u-boot.img-ivt_csf.bin
Merge image and csf data to output image: ../../u-boot.img-ivt_signed
u-boot=> load mmc 1 $loadaddr boot/u-boot.img-ivt_signed
690504 bytes read in 24 ms (27.4 MiB/s)
u-boot=> hab_auth_img $loadaddr $filesize 0xa7000 && echo ok
hab fuse not enabled
Authenticate image from DDR location 0x40480000...
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x43 0x33 0x11 0xcf 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CSF (0x11)
CTX = HAB_CTX_CSF (0xCF)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
ok