hab_auth_img errors on imx8mp and imx8mm

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

hab_auth_img errors on imx8mp and imx8mm

1,097 Views
jpkotta
Contributor II

I have a Variscite VAR-SOM-MX8MM and a VAR-DART-MX8MP.  I'm trying to get hab_auth_img to work.  I don't have authenticated boot working either, but I figured just authenticating an image should be simpler.  I have cst-3.1.0 plus the scripts from https://github.com/varigit/var-hab-cst-scripts.git.  I've programmed the SRK fuse bits (not entirely sure if I wrote the correct bits in the imx8mp because I don't have all the docs yet, I assumed they were in the same location as the imx8mm).  I can get hab_auth_img to run without IVT errors, but all it does is print the HAB log, and it's the same as running hab_status immediately after boot.  Do I need to make authenticated boot work to run hab_auth_img?  Also, hab_auth_img returns true, even when I deliberately make it fail with bad parameters. 

Examples are from the imx8mm.  I'm signing a u-boot image just as an example, normally it would be the kernel.  If this only works with kernels for some reason, please correct me.

$ LOADADDR=0x40480000 ./var-sign_image.sh ../../u-boot.img 

Input image: ../../u-boot.img
Extend ../../u-boot.img from 0xa6ba0 to 0xa7000...
Generate IVT
Attach IVT to output image: ../../u-boot.img-ivt
Generate csf data...
CSF Processed successfully and signed data available in ../../u-boot.img-ivt_csf.bin
Merge image and csf data to output image: ../../u-boot.img-ivt_signed
u-boot=> load mmc 1 $loadaddr boot/u-boot.img-ivt_signed
690504 bytes read in 24 ms (27.4 MiB/s)
u-boot=> hab_auth_img $loadaddr $filesize 0xa7000 && echo ok
hab fuse not enabled

Authenticate image from DDR location 0x40480000...

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
	0xdb 0x00 0x08 0x43 0x33 0x11 0xcf 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CSF (0x11)
CTX = HAB_CTX_CSF (0xCF)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
	0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
	0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
	0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
	0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
	0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
	0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
	0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
	0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
	0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

ok

 

 

Labels (1)
Tags (4)
0 Kudos
Reply
1 Reply

1,082 Views
Yuri
NXP Employee
NXP Employee
0 Kudos
Reply