hav4 encryption in uboot

martinetd · ‎05-17-2022

Hello,

using the CST tool I have been able to generate an encrypted u-boot following this guide:

https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/guides/mx8m_encrypted_boot.t...

I have also been able to sign my linux kernel image using the "Authenticating additional boot images" procedure of the secure boot guide:

https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/guides/mx8m_secure_boot.txt?...

But I wasn't able to make use of encryption on additional boot images when adapting the procedure to the same as the uboot FIT image; when I do hab_auth_img (or as done automatically through booti) fail with status (STS) failure (0x33) and an undocumented reason (RSN) of 0x3a. This makes uboot crash and reset the board on watchdog as it cannot lookup the text for RSN, and it's not present anywhere in the CST habv4 documentation either.

Perhaps it is documented in internal documentations?

Here is the procedure I'm trying for encrypting the linux kernel:

- padding the kernel with objcopy

- running genIVT.pl and appending to the image, genIVT is as below. Note the CSF pointer has been updated (+0x60 from original one) to allow room for the dek blob, so the layout is [Image, ivt, dek blob, csf]. In the uboot case, dek blob is also within the image in a zone that is not signed, so I tried to reproduce a similar layout.

use strict;
print pack("V", 0x412000D1); # Signature
print pack("V", 0x40480000); # Load Address (*load_address)
print pack("V", 0x0); # Reserved
print pack("V", 0x0); # DCD pointer
print pack("V", 0x0); # Boot Data
print pack("V", 0x41581000); # Self Pointer (*ivt)
print pack("V", 0x41581080); # CSF Pointer (*csf)
print pack("V", 0x0); # Reserved

- appending 0x60 bytes of zeroes for the dek blob

- running CST once first to encrypt with the following csf. Note the ivt is not encrypted (and neither is the header for signature detection but that shouldn't matter).

[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1/crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1/crts/CSF1_1_sha256_secp521r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1/crts/IMG1_1_sha256_secp521r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x1000 "Image_signing.enc"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "Image.dek_linux.bin"
    Key Length = 128
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x1101020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "Image_signing.enc"

- do a second run of cst to sign the encrypted data; like uboot fit image we re-encrypt to a dummy file that is ignored so the offset for encryption key is specified in csf. This time we sign the whole thing, including the ivt.

[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1/crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1/crts/CSF1_1_sha256_secp521r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1/crts/IMG1_1_sha256_secp521r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x1101020 "Image_signing.enc"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "Image.dek_linux_dummy.bin"
    Key Length = 128
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x1101020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "Image_signing.enc.dummy"

- copy the encryption nonce from the first csf to the second, append the csf to the image

- copy the file and dek blob to the imx8mp board, use dek_blob in uboot on the dek_blob and write it at the correct offset in the linux image

- try to boot or use hab_auth_img on it:

u-boot=> hab_auth_img 0x40480000 0x1101afc 0x1101000 
hab fuse not enabled

Authenticate image from DDR location 0x40480000...

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x3a 0xc0 0x00
        0xbe 0x00 0x0c 0x01 0xbb 0x00 0x00 0x00
        0x41 0x58 0x10 0x20

STS = HAB_FAILURE (0x33)

Note how the output stops here, because 0x3a is not in the RSN table. At this point watchdog kicks in after a few seconds and board resets.

From the later parameters, 0x41581020 is the dek blob address; I do not recognize the other parameters.

(Note this is similar to https://community.nxp.com/t5/i-MX-Processors/HABv4-encrypted-boot-for-linux-kernel-on-imx8mp-board/m... which did not get any answer; I've tried to provide more details and will be happy to answer any additional questions)

Any help would be apprepciated! Thank you!

Harvey021 · ‎06-02-2022

Hi @martinetd

The Image layout should be as follows:

addr        layout              length
0x40480000  Image + padding     0x10A7000
0x41527000  IVT                 0x20
0x41527020  DEK blob(256 bits)  0x60
0x41527080  CSF data            ?

Can you please dump IVT content of encrypted Image to share with us?

Best regards

Harvey

martinetd · ‎06-02-2022

Hi @Harvey021

Thanks again for looking,

> The Image layout should be as follows:

That is correct.

> Can you please dump IVT content of encrypted Image to share with us?

$ cat genIVT.pl
#!/usr/bin/perl -w
use strict;
print pack("V", 0x412000D1); # Signature
print pack("V", 0x40480000); # Load Address (*load_address)
print pack("V", 0x0); # Reserved
print pack("V", 0x0); # DCD pointer
print pack("V", 0x0); # Boot Data
print pack("V", 0x41527000); # Self Pointer (*ivt)
print pack("V", 0x41527080); # CSF Pointer (*csf)
print pack("V", 0x0); # Reserved

$ dd if=Image.encrypted bs=32 count=1 skip=$((0x10a7000)) iflag=skip_bytes status=none | xxd
00000000: d100 2041 0000 4840 0000 0000 0000 0000  .. A..H@........
00000010: 0000 0000 0070 5241 8070 5241 0000 0000  .....pRA.pRA....

I have only updated genIVT with the new CSF address and not touched anything else, is there perhaps something to set for encryption? I've just compared it with the ivt used for imx-mkimage's fit image and boot_data is not 0 there, but that does not look related to encryption.

Thank you,

Dominique

Harvey021 · ‎06-06-2022

@martinetd

The script genIVT seems okay.

Can you provide the kernel image before and after encryption? We need to compare them.

Best regards

Harvey

martinetd · ‎06-06-2022

hi @Harvey021

sure here are the images in attachment.

Images_signing contains the ivt and trailing zeros for the dek file -- but the offsets and length in the csf only include up to (including) the ivt so it shouldn't matter, it might be worth trying not adding the dek files zeroes until later? It's late now I'll try tomorrow and report back if it helps.

Images_encrypted contains the final result after dek_blob has been run and embedded back in the image.

Comparing them binary-wise is as I would expect: data from 0x1000 to 0xe69000 is garbled in the encrypted version as specified, and the trailing data in encrypted image contains dek and csf. Maybe you might spot something in there.

The image is a fit image, but that doesn't matter for hab_auth_image command.

Thanks,

Dominique

Harvey021 · ‎06-12-2022

Hi @martinetd

In order to reproduce the issue on our side, we verify kernel Image encryption and authentication on our local opened i.mx8mq EVK, the encrypted Image layout is same as yours. HABv4 authenticate work well with u-boot "hab_auth_img" command. Detailed steps please find in the attachment.

Your log show the issue is related with DEK blob. I wonder what device do you use, opened or closed? If closed chip used, can you try this on an opened device?

You can refer to the attached steps that has been verified on our side.

Best regards

Harvey

martinetd · ‎06-17-2022

hi @Harvey021

Thanks for confirming the process, I think it corresponds to what I was doing but I tried reproducing with your exact instructions.

There were a couple of differences like using RSA, and the board I tested on was indeed locked. I've used a different board that I've kept open for this test, and reproduced the very same error.

You didn't reply when I asked if OPTEE support is mandatory -- the configuration keys CFG_NXPCRYPT=y CFG_GEN_DEK_BLOB=y are not present in my version of the code, would that be related?

The other thing I noticed is that your csf file is 16 bytes bigger, which is surprising given we give it the same commands. I'm using cst-3.1.1 on linux64 in case that matters.

I've attached:

- the new version of the text file

- all intermediate small files (csf etc)

- the initial Image file and the final Image_encrypted files. Image_encrypted is too big for forum and I've split in two with `split -b 20M -d Image_encrypted Image_encrypted.` -- please cat the files together after decompressing if required.

For quick access, here's just the final uboot log in case that'd be enough; this is also in the text file.

u-boot=> fatload mmc 2:6 0x40480000 Image_encrypted
31789044 bytes read in 692 ms (43.8 MiB/s)

u-boot=> md 0x422D0000
// 256bit
422d0000: 412000d1 40480000 00000000 00000000    .. A..H@........
422d0010: 00000000 422d0000 422d0080 00000000    ......-B..-B....
422d0020: 43580081 00205566 ac3de89c 77ba1416    ..XCfU ...=....w
422d0030: 2684a6c8 3437655f d553537f 8494418c    ...&_e74.SS..A..
422d0040: 66d9888f e6dcd6a3 3cf2a252 38afb467    ...f....R..<g..8
422d0050: 41e21a60 42a19f9f 98bbd4ea 8acfee5b    `..A...B....[...
422d0060: 25022331 0e033a93 a17bae48 a7ac2277    1#.%.:..H.{.w"..
422d0070: 62940fa5 7f598dfd 00000000 00000000    ...b..Y.........
422d0080: 437000d4 000c00be 00001703 70000000    ..pC...........p
422d0090: 020c00be 01000009 b0040000 000c00ca    ................
422d00a0: 001dc501 00080000 000c00be 02000009    ................
422d00b0: 000a0000 001400ca 001dc502 500d0000    ...............P
422d00c0: 00004840 2000e501 010c00be 000000bb    @H..... ........
422d00d0: 20002d42 001400ca 001da300 500f0000    B-. ...........P
422d00e0: 40004840 c0ffe401 1d0800b2 02000000    @H.@............
422d00f0: 404004d7 210f01e1 80000000 03000001    ..@@...!........
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

#u-boot=> hab_auth_img 0x40480000 0x1D51004 0x1d50000
u-boot=> hab_auth_img 0x40480000 0x1e50ff4 0x1e50000

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x24 0x45 0x33 0x30 0xc0 0x1d
        0x10 0x02 0x11 0x22 0x40 0x00 0x08 0x16
        0x55 0x55 0x00 0x0f 0x00 0x10 0x20 0x00
        0x00 0x00 0x00 0x01 0x91 0x00 0x88 0x0e
        0x00 0x00 0x00 0x05

STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_CAAM (0x1D)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x3a 0xc0 0x00
        0xbe 0x00 0x0c 0x01 0xbb 0x00 0x00 0x00
        0x42 0x2d 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = INVALID
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

Thanks,

Dominique

Harvey021 · ‎06-21-2022

Hi @martinetd

For the question of OPTEE configuration, We just enable HAB4 feature and "dek_blob" command in U-Boot menu configure. "dek_blob encapsulation with OPTEE" will be enabled by default when enable "dek_blob command".

Configure u-boot compile,
$ make imx8mq_evk_defconfig
$ make menuconfig
Enable HAB4 and dek_blob command
$ make

You can compare the attached ".config" file with yours.

We use cst-3.3.1 on our side. As for cst-3.1.1, You need compile the CST to enable the encrypting feature as follows.

----------------------------------------------------

The encrypting feature is not enabled by default. You need to
execute the following commands to enable it:

$ sudo apt-get install libssl-dev openssl
$ cd <CST install directory>/code/back_end/src
$ gcc -o cst_encrypted -I ../hdr -L ../../../linux64/lib *.c
-lfrontend -lcrypto
$ cp cst_encrypted ../../../<where your original CST executable is>

Please refer to the link for more details.

https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/guides/mx6_mx7_encrypted_boo...

cst-3.3.1 can support encrypting feature by default. You can have a try with cst-3.3.1 if happened to not.

I would like to invite our experts for security to walk through the current problem with you. If that is fine for you, Can you please set a Teams meeting with us at 2PM This Thursday(Jun/23,GMT+8)? our email address: frank.zhang@nxp.com, barry.cao@nxp.com, tia.lan@nxp.com, harvey.yu_1@nxp.com

Best regards

Harvey

martinetd · ‎06-21-2022

hi @Harvey021

Ok for OPTEE/uboot. We also started from defconfig and added hab/dek_blob command so it should be close enough, but I am using imx8mp, not imx8mq.

As far as I can tell both should support this though.

CST version: sorry that was my mistake, I am using 3.3.1 as you can see in the path in csf config file. Encryption works for uboot itself with the procedure in uboot's doc/imx/habv4/guides/mx8m_encrypted_boot.txt so encryption support is compiled in. The problem only happens with later decryption.

Call: Ok. We do not have Teams here but I have sent you a google meets invitation for tomorrow (Thurs 23) 14:00 GMT+8

I'll try to reproduce with evk until then.

Thank you,

Dominique

martinetd · ‎05-30-2022

Hi @Harvey021 ! Thank you for the reply.

> Please let me know what bsp version you have built with?

I'm using uboot/optee/imx-boot based on the lf-5.10.35-2.0.0 tag. It's not built with yocto, but versions and config are the same.

> Have you Built OP-TEE to support DEK blob encapsulation?

I have added the following settings for uboot as documented:

CONFIG_IMX_HAB=y
CONFIG_CMD_DEKBLOB=y
CONFIG_IMX_OPTEE_DEK_ENCAP=y
CONFIG_CMD_PRIBLOB=y

For optee, the documentation mentions `CFG_NXPCRYPT=y CFG_GEN_DEK_BLOB=y` but there is no mention of these variables in the code or build system -- the generated binary is the same regardless of these environment variables. The variables are present in the older BSP release of optee up to 5.4 (4.14.98_2.2.0, 4.19.35_1.1.0 and 5.4.y-1.0.0) -- do I need to use these older BSP or backport from these versions?

encrypted uboot works including second stage so I assume this part works without optee support? or is optee support needed once optee started?

> I have checked your csf files. The address of blob in CSF should not start with 1. It should be the specific location of blob in memory.

I'm sorry, I was fixing my csf generation script when I wrote this post and I pasted an old version with an incorrect blob address. It should read `Blob Address = 0x41581020` (that is, linux kernel load address + linux kernel size (padded) + ivt size as it is where I put the dek blob. the ivt is pointed at in hab_auth_img, csf pointed at through ivt, and dek blob pointed at through csf)

Are there restrictions to where the dek blob should be?

The blob address is the only difference with my csf files, but I'm reattaching the ones actually used below to be sure as well as an hex dump of the csf. I'm really sorry for my mistake...

$ cat Image.csf_linux_enc.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1-ecc-384//crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1-ecc-384//crts/CSF1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1-ecc-384//crts/IMG1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x1000 "../secureboot/Image_signing.bin"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "../secureboot/Image.dek_linux.bin"
    Key Length = 256
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x41527020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "../secureboot/Image_signing.enc"
$ cat Image.csf_linux_sign_enc.txt 
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1-ecc-384//crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1-ecc-384//crts/CSF1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1-ecc-384//crts/IMG1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x10a7020 "../secureboot/Image_signing.enc"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "../secureboot/Image.dek_linux.bin.dummy"
    Key Length = 256
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x41527020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "../secureboot/Image_signing.enc.dummy"

$ xxd Image.csf_linux_sign_enc.bin
00000000: d400 7843 be00 0c00 0317 0000 0000 0078  ..xC...........x
00000010: be00 0c02 0900 0001 0000 022c ca00 0c00  ...........,....
00000020: 01c5 1d00 0000 042c be00 0c00 0900 0002  .......,........
00000030: 0000 058c ca00 1400 02c5 1d00 0000 078c  ................
00000040: 4048 0000 010a 7020 b200 081d 0000 0001  @H....p ........
00000050: be00 0c01 bb00 0000 4152 7020 ca00 1400  ........ARp ....
00000060: 00a3 1d00 0000 08ec 4048 1000 00e6 8000  ........@H......
00000070: b200 081d 0000 0002 d701 b440 e100 6c27  ...........@..l'
00000080: 0000 0080 4d00 0180 4d73 421e 1de2 837d  ....M...MsB....}
00000090: 040f 77c9 d980 0629 19a3 3927 14a0 0253  ..w....)..9'...S
000000a0: fb46 85f1 83cf 37d1 be71 d86a 428b 676d  .F....7..q.jB.gm
000000b0: 17ad 3abc a8fe adc5 22ac 8a01 fcfd 33e7  ..:.....".....3.
000000c0: f4a1 4095 6077 1a37 b33d a163 00fe b58b  ..@.`w.7.=.c....
000000d0: cb52 e1fb 8c51 37ff fad2 d9d0 6711 ab4e  .R...Q7.....g..N
000000e0: 45f2 7c7c a7c4 a8eb e100 6c27 0000 0080  E.||......l'....
000000f0: 4d00 0180 a4f9 1733 6ed5 08a3 a651 2f1d  M......3n....Q/.
00000100: 7592 6b3f 030f da8b 78eb 2e1d ed27 0729  u.k?....x....'.)
00000110: 783f f2b5 f038 1431 95d6 f257 fed1 d5d8  x?...8.1...W....
00000120: d4d1 9c2a 1e79 945c ceaf a4b8 f54d dc8c  ...*.y.\.....M..
00000130: fb80 1ac3 c42a 0a3c bfed bd8b c718 388c  .....*.<......8.
00000140: 74a9 167f d999 7c45 0386 104e 20ca f48c  t.....|E...N ...
00000150: f958 cec9 e100 6c27 0000 0080 4d00 0180  .X....l'....M...
00000160: 3d0f a150 8978 695e c96c 4849 cda1 b545  =..P.xi^.lHI...E
00000170: 2bd1 e9c0 83e4 f22f ec7f a629 f941 a306  +....../...).A..
00000180: e2db ab7b ebf8 a54e dff8 da1f 74fb fdd8  ...{...N....t...
00000190: b2c3 2cac eabb 3523 8fb9 6dc2 ac94 a11a  ..,...5#..m.....
000001a0: 0c4b ec05 6f35 288c 8fc0 55bb a884 a408  .K..o5(...U.....
000001b0: 1139 5ac9 7694 bf18 de3a d2f7 b492 ec79  .9Z.v....:.....y
000001c0: e100 6c27 0000 0080 4d00 0180 1188 3975  ..l'....M.....9u
000001d0: d9e6 5a2b 82ab 680f 4598 c207 5ecb aa21  ..Z+..h.E...^..!
000001e0: b740 6d4e 6aa2 6262 bbdc efb6 16ce e43f  .@mNj.bb.......?
000001f0: a2dc fe06 6f9e c42a bffc 2e30 70e0 dd25  ....o..*...0p..%
00000200: 1553 2261 b027 23de 71ad bf5a a9d5 aaf2  .S"a.'#.q..Z....
00000210: 3c25 026f 5f89 30fb 691b b0bf 2bea 5ebe  <%.o_.0.i...+.^.
00000220: b557 61c2 c6a1 ba2c d96d 082f d701 fe43  .Wa....,.m./...C
00000230: 3082 01f6 3082 017c a003 0201 0202 0101  0...0..|........
00000240: 300a 0608 2a86 48ce 3d04 0302 3026 3124  0...*.H.=...0&1$
00000250: 3022 0603 5504 030c 1b53 524b 315f 7368  0"..U....SRK1_sh
00000260: 6132 3536 5f73 6563 7033 3834 7231 5f76  a256_secp384r1_v
00000270: 335f 6361 301e 170d 3232 3034 3037 3033  3_ca0...22040703
00000280: 3539 3533 5a17 0d33 3230 3430 3430 3335  5953Z..320404035
00000290: 3935 335a 3029 3127 3025 0603 5504 030c  953Z0)1'0%..U...
000002a0: 1e43 5346 315f 315f 7368 6132 3536 5f73  .CSF1_1_sha256_s
000002b0: 6563 7033 3834 7231 5f76 335f 7573 7230  ecp384r1_v3_usr0
000002c0: 7630 1006 072a 8648 ce3d 0201 0605 2b81  v0...*.H.=....+.
000002d0: 0400 2203 6200 04dd 3712 c941 d052 1a5c  ..".b...7..A.R.\
000002e0: 39d8 0c0e 755c e788 4cd2 d5f5 3b2c 8f6f  9...u\..L...;,.o
000002f0: 3f2a a4a7 2e80 23aa 3776 81ff 1224 8860  ?*....#.7v...$.`
00000300: cf4c 53bb 5cc6 f104 df0d e210 c36a a77c  .LS.\........j.|
00000310: 031b 056c 6984 3aa9 a4bb bd73 c610 1dbd  ...li.:....s....
00000320: 25e8 f2fc c87a c08c 1dd0 828e 3f84 cb48  %....z......?..H
00000330: 672c 5744 ba34 1ca3 7b30 7930 0906 0355  g,WD.4..{0y0...U
00000340: 1d13 0402 3000 302c 0609 6086 4801 86f8  ....0.0,..`.H...
00000350: 4201 0d04 1f16 1d4f 7065 6e53 534c 2047  B......OpenSSL G
00000360: 656e 6572 6174 6564 2043 6572 7469 6669  enerated Certifi
00000370: 6361 7465 301d 0603 551d 0e04 1604 1467  cate0...U......g
00000380: 90aa 6394 3927 bebe e72e d119 e60d 9e03  ..c.9'..........
00000390: 8afb ac30 1f06 0355 1d23 0418 3016 8014  ...0...U.#..0...
000003a0: 8599 c1e9 012d 1403 6d57 be7e 5049 55a2  .....-..mW.~PIU.
000003b0: eb2f cac7 300a 0608 2a86 48ce 3d04 0302  ./..0...*.H.=...
000003c0: 0368 0030 6502 3100 950f affc ce37 a2df  .h.0e.1......7..
000003d0: 166a 0db1 f7ac 1613 91ca 731b c1f7 38ba  .j........s...8.
000003e0: d899 9c61 6a4f 014f b05e c906 dcb6 871e  ...ajO.O.^......
000003f0: c394 5c45 076e 93f7 0230 6f41 ac83 9c0e  ..\E.n...0oA....
00000400: cedb a9a6 c11d d67c 23d6 4932 2a52 7000  .......|#.I2*Rp.
00000410: 79af 60a1 ed06 f820 697f bdbb d96d 0fdc  y.`.... i....m..
00000420: 7657 6037 0460 1988 aa42 0000 d801 5f43  vW`7.`...B...._C
00000430: 3082 0157 0609 2a86 4886 f70d 0107 02a0  0..W..*.H.......
00000440: 8201 4830 8201 4402 0101 310d 300b 0609  ..H0..D...1.0...
00000450: 6086 4801 6503 0402 0130 0b06 092a 8648  `.H.e....0...*.H
00000460: 86f7 0d01 0701 3182 0121 3082 011d 0201  ......1..!0.....
00000470: 0130 2b30 2631 2430 2206 0355 0403 0c1b  .0+0&1$0"..U....
00000480: 5352 4b31 5f73 6861 3235 365f 7365 6370  SRK1_sha256_secp
00000490: 3338 3472 315f 7633 5f63 6102 0101 300b  384r1_v3_ca...0.
000004a0: 0609 6086 4801 6503 0402 01a0 6930 1806  ..`.H.e.....i0..
000004b0: 092a 8648 86f7 0d01 0903 310b 0609 2a86  .*.H......1...*.
000004c0: 4886 f70d 0107 0130 1c06 092a 8648 86f7  H......0...*.H..
000004d0: 0d01 0905 310f 170d 3232 3035 3331 3032  ....1...22053102
000004e0: 3031 3132 5a30 2f06 092a 8648 86f7 0d01  0112Z0/..*.H....
000004f0: 0904 3122 0420 261d 0ec6 56a9 2be6 162b  ..1". &...V.+..+
00000500: a22a b2e8 d49d af09 df67 20cb d118 ac95  .*.......g .....
00000510: 7dc1 d57e e9c8 300a 0608 2a86 48ce 3d04  }..~..0...*.H.=.
00000520: 0302 0467 3065 0230 2e95 388d b3ea 3ecf  ...g0e.0..8...>.
00000530: e812 a3d2 a192 56b0 f5c6 50bf fcc4 b0ba  ......V...P.....
00000540: 577b 1960 36ca c68e fc0d 32bb 0a93 f08b  W{.`6.....2.....
00000550: a979 b42c 1b6c 05e2 0231 00d0 9c34 937f  .y.,.l...1...4..
00000560: d420 a373 f7ac 2566 4fd1 8fd9 3e0b 6fac  . .s..%fO...>.o.
00000570: b6e1 d4bf 858b bfe3 65d6 2913 a93f b499  ........e.)..?..
00000580: 2be8 0e63 fb11 2732 59d8 3100 d701 fe43  +..c..'2Y.1....C
00000590: 3082 01f6 3082 017c a003 0201 0202 0102  0...0..|........
000005a0: 300a 0608 2a86 48ce 3d04 0302 3026 3124  0...*.H.=...0&1$
000005b0: 3022 0603 5504 030c 1b53 524b 315f 7368  0"..U....SRK1_sh
000005c0: 6132 3536 5f73 6563 7033 3834 7231 5f76  a256_secp384r1_v
000005d0: 335f 6361 301e 170d 3232 3034 3037 3033  3_ca0...22040703
000005e0: 3539 3533 5a17 0d33 3230 3430 3430 3335  5953Z..320404035
000005f0: 3935 335a 3029 3127 3025 0603 5504 030c  953Z0)1'0%..U...
00000600: 1e49 4d47 315f 315f 7368 6132 3536 5f73  .IMG1_1_sha256_s
00000610: 6563 7033 3834 7231 5f76 335f 7573 7230  ecp384r1_v3_usr0
00000620: 7630 1006 072a 8648 ce3d 0201 0605 2b81  v0...*.H.=....+.
00000630: 0400 2203 6200 0481 6d7f 36b3 9485 4ef1  ..".b...m.6...N.
00000640: 33b8 4c76 4377 8da3 29c5 3096 5e8a 6587  3.LvCw..).0.^.e.
00000650: ef63 d034 2256 bdcf 8893 086d 81c3 604f  .c.4"V.....m..`O
00000660: d560 e4d3 f1fe 5760 de47 383c da00 221e  .`....W`.G8<..".
00000670: 310b 9826 d39a 7488 123b 00dd 4dd1 f9a5  1..&..t..;..M...
00000680: 3156 e117 e281 237a d2fe c5be 0970 27cf  1V....#z.....p'.
00000690: 2cb4 abbf 60af 63a3 7b30 7930 0906 0355  ,...`.c.{0y0...U
000006a0: 1d13 0402 3000 302c 0609 6086 4801 86f8  ....0.0,..`.H...
000006b0: 4201 0d04 1f16 1d4f 7065 6e53 534c 2047  B......OpenSSL G
000006c0: 656e 6572 6174 6564 2043 6572 7469 6669  enerated Certifi
000006d0: 6361 7465 301d 0603 551d 0e04 1604 1463  cate0...U......c
000006e0: 8e52 8758 97c0 d388 1fe8 a20a f11f 89b5  .R.X............
000006f0: 20e7 c030 1f06 0355 1d23 0418 3016 8014   ..0...U.#..0...
00000700: 8599 c1e9 012d 1403 6d57 be7e 5049 55a2  .....-..mW.~PIU.
00000710: eb2f cac7 300a 0608 2a86 48ce 3d04 0302  ./..0...*.H.=...
00000720: 0368 0030 6502 3100 b985 7caa 3817 4480  .h.0e.1...|.8.D.
00000730: 46c1 f517 40c2 cb50 10f3 ee8c 14c2 9ae6  F...@..P........
00000740: 8438 4b2e 2018 dd2f a79b b58c bafb 3ac2  .8K. ../......:.
00000750: bf68 0716 158d 5831 0230 07ca a316 f8e4  .h....X1.0......
00000760: 329b c3fd c46e 6264 9e8a 0971 5330 bb69  2....nbd...qS0.i
00000770: 1a8a d70e 0965 d327 b476 b35b 75b0 a9fd  .....e.'.v.[u...
00000780: da47 abd1 38f6 0693 766e 0000 d801 5f43  .G..8...vn...._C
00000790: 3082 0157 0609 2a86 4886 f70d 0107 02a0  0..W..*.H.......
000007a0: 8201 4830 8201 4402 0101 310d 300b 0609  ..H0..D...1.0...
000007b0: 6086 4801 6503 0402 0130 0b06 092a 8648  `.H.e....0...*.H
000007c0: 86f7 0d01 0701 3182 0121 3082 011d 0201  ......1..!0.....
000007d0: 0130 2b30 2631 2430 2206 0355 0403 0c1b  .0+0&1$0"..U....
000007e0: 5352 4b31 5f73 6861 3235 365f 7365 6370  SRK1_sha256_secp
000007f0: 3338 3472 315f 7633 5f63 6102 0102 300b  384r1_v3_ca...0.
00000800: 0609 6086 4801 6503 0402 01a0 6930 1806  ..`.H.e.....i0..
00000810: 092a 8648 86f7 0d01 0903 310b 0609 2a86  .*.H......1...*.
00000820: 4886 f70d 0107 0130 1c06 092a 8648 86f7  H......0...*.H..
00000830: 0d01 0905 310f 170d 3232 3035 3331 3032  ....1...22053102
00000840: 3031 3132 5a30 2f06 092a 8648 86f7 0d01  0112Z0/..*.H....
00000850: 0904 3122 0420 c94e b3a2 7a54 b3ee a582  ..1". .N..zT....
00000860: 02c1 6e7b f445 942f 20d2 64a4 1d04 8760  ..n{.E./ .d....`
00000870: 95f7 af18 3164 300a 0608 2a86 48ce 3d04  ....1d0...*.H.=.
00000880: 0302 0467 3065 0231 0080 1367 70de e6d8  ...g0e.1...gp...
00000890: 1eae c81e e545 e7cc 082f acd4 0ac6 0527  .....E.../.....'
000008a0: 0d35 b50d 2e7b 70a0 ac8d 3344 8378 b77b  .5...{p...3D.x.{
000008b0: c782 e32c a3af f1e0 e002 300f 2cc5 418e  ...,......0.,.A.
000008c0: ee4d 7240 1c95 ef65 bb70 b4b2 d87b 2361  .Mr@...e.p...{#a
000008d0: 539d b2e7 accd 4d34 273b 93e7 64e4 c430  S.....M4';..d..0
000008e0: 296a a63f ae04 c557 df46 bb00 ac00 2443  )j.?...W.F....$C
000008f0: 000c 0010 0b87 f772 c9fb f3cb e4e4 d8c1  .......r........
00000900: 23c9 b260 542d b8a1 4779 cfca 1ef1 33f7  #..`T-..Gy....3.

> And share your steps of what you have generated the dek_blob.

It should match what I had described in my original post, here are the commands I used:

        cp "$OUT/Image_signing.bin" "$OUT/Image_signing.enc" \
                || error "Could not copy Image_signing.bin"
        "$CST/linux64/bin/cst" -i "$OUT/Image.csf_linux_enc.txt" -o "$OUT/Image.csf_linux_enc.bin" \
                || error "Could not sign csf linux enc"

        cp "$OUT/Image_signing.enc" "$OUT/Image_signing.enc.dummy" \
                || error "Could not copy Image_signing.bin.dummy"
        "$CST/linux64/bin/cst" -i "$OUT/Image.csf_linux_sign_enc.txt" -o "$OUT/Image.csf_linux_sign_enc.bin" \
                || error "Could not sign csf linux sign enc"
        rm -f "$OUT/Image_signing.enc.dummy" "$OUT/Image.dek_linux.bin.dummy"

        # copy encrypted nonce
        local offset_in offset_out
        offset_in=$(stat -c "%s" "$OUT/Image.csf_linux_enc.bin")
        [[ -n "$offset_in" ]] || error "Could not get csf_linux_enc.bin size"
        offset_in=$((offset_in - 36))
        offset_out=$(stat -c "%s" "$OUT/Image.csf_linux_sign_enc.bin")
        [[ -n "$offset_out" ]] || error "Could not get csf_linux_sign_enc.bin size"
        offset_out=$((offset_out - 36))

        echo "copying csf_linux_enc.bin $offset_in -> csf_linux_sign_enc.bin $offset_out 36 bytes"
        dd if="$OUT/Image.csf_linux_enc.bin" of="$OUT/Image.csf_linux_sign_enc.bin" \
                        status=none bs=36 count=1 \
                        iflag=skip_bytes oflag=seek_bytes \
                        skip="$offset_in" seek="$offset_out" \
                || error "Could not copy nonce/mac to csf_linux_sign_enc"

        # append csf to image
        cat "$OUT/Image.csf_linux_sign_enc.bin" >> "$OUT/Image_signing.enc" \
                || error "Could not append to $OUT/Image_signing.enc"

        # copy DEK at proper offset
        printf "linux DEK offset: %x\n" "$((linux_size + 0x20))"
        dd if="$OUT/Image.dek_linux.bin" of="$OUT/Image_signing.enc" \
                status=none seek=$((linux_size+0x20)) oflag=seek_bytes bs=4k conv=notrunc

after this, I copy the image to a fixed offset in /dev/mmcblk2boot0 and fix the dek blob:

# dek offset was 0x10a7020 and the image is 5MB inside the the device:
# printf "%x\n" $((5*2048+0x10a7020/512))
# ad38

u-boot=> mmc dev 2 1
u-boot=> mmc read 0x40800000 ad38 1
u-boot=> md 0x40800020  # non-transformed dek blob
40800020: 573df35e 4b27aa81 85a6d67c 564f8737    ^.=W..'K|...7.OV
40800030: a8864555 b5c0e31b 83434018 8eb87d32    UE.......@C.2}..
40800040: 00000000 00000000 00000000 00000000    ................
40800050: 00000000 00000000 00000000 00000000    ................
40800060: 00000000 00000000 00000000 00000000    ................
40800070: 00000000 00000000 00000000 00000000    ................
40800080: 437800d4 000c00be 00001703 78000000    ..xC...........x
40800090: 020c00be 01000009 2c020000 000c00ca    ...........,....
408000a0: 001dc501 2c040000 000c00be 02000009    .......,........
408000b0: 8c050000 001400ca 001dc502 8c070000    ................
408000c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
408000d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
408000e0: 001da300 ec080000 00104840 0080e600    ........@H......
408000f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
40800100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
40800110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S
u-boot=> cp 0x40800020 0x40400000 8
u-boot=> dek_blob 0x40400000 0x40800020 256
u-boot=> md 0x40800020  # actual dek blob
40800020: 43580081 00205566 15296475 dcaf95c8    ..XCfU .ud).....
40800030: 7a528b3c 23c74605 059adf2b 17719616    <.Rz.F.#+.....q.
40800040: 82a00a6b a3a5289b 8233afb8 02af2615    k....(....3..&..
40800050: 3625eeca fccbfc19 c6a57680 a05b734c    ..%6.....v..Ls[.
40800060: b923b5c4 27755513 046fa9ad 4ba3aa72    ..#..Uu'..o.r..K
40800070: 66e79cbc 2510cad4 00000000 00000000    ...f...%........
40800080: 437800d4 000c00be 00001703 78000000    ..xC...........x
40800090: 020c00be 01000009 2c020000 000c00ca    ...........,....
408000a0: 001dc501 2c040000 000c00be 02000009    .......,........
408000b0: 8c050000 001400ca 001dc502 8c070000    ................
408000c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
408000d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
408000e0: 001da300 ec080000 00104840 0080e600    ........@H......
408000f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
40800100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
40800110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S
u-boot=> mmc write 0x40800000 ad38 1

u-boot=> run loadimage
u-boot=> md 0x41527020 # correct blob address in csf
41527020: 43580081 00205566 15296475 dcaf95c8    ..XCfU .ud).....
41527030: 7a528b3c 23c74605 059adf2b 17719616    <.Rz.F.#+.....q.
41527040: 82a00a6b a3a5289b 8233afb8 02af2615    k....(....3..&..
41527050: 3625eeca fccbfc19 c6a57680 a05b734c    ..%6.....v..Ls[.
41527060: b923b5c4 27755513 046fa9ad 4ba3aa72    ..#..Uu'..o.r..K
41527070: 66e79cbc 2510cad4 00000000 00000000    ...f...%........
41527080: 437800d4 000c00be 00001703 78000000    ..xC...........x
41527090: 020c00be 01000009 2c020000 000c00ca    ...........,....
415270a0: 001dc501 2c040000 000c00be 02000009    .......,........
415270b0: 8c050000 001400ca 001dc502 8c070000    ................
415270c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
415270d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
415270e0: 001da300 ec080000 00104840 0080e600    ........@H......
415270f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
41527100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
41527110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S

So the dek blob is indeed written at the correct address in memory. Then I just try to boot (or manually verify image)

I have fixed hab event parsing (patch below), this is actually helpful as the second hab event actually makes sense (something in the caam engine failed) -- perhaps you can make more use of it than me. (40480000 is image start in memory, 10a7990 is the file size including up to the end of the csf, 10a7000 is the offset to the ivt within the file. This works when the image is just signed with no encryption.)

u-boot=> hab_auth_img 0x40480000 10a7990 10a7000

Authenticate image from DDR location 0x40480000...

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
	0xdb 0x00 0x14 0x45 0x33 0x3a 0xc0 0x00
	0xbe 0x00 0x0c 0x01 0xbb 0x00 0x00 0x00
	0x41 0x52 0x70 0x20

STS = HAB_FAILURE (0x33)
RSN = INVALID
CTX = HAB_CTX_FAB (0xFF)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
	0xdb 0x00 0x24 0x45 0x33 0x30 0xc0 0x1d
	0x10 0x02 0x11 0x22 0x40 0x00 0x08 0x16
	0x55 0x55 0x00 0x0f 0x00 0x10 0x20 0x00
	0x00 0x00 0x00 0x01 0x91 0x00 0x88 0x0e
	0x00 0x00 0x02 0x05

STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_FAB (0xFF)
ENG = HAB_ENG_CAAM (0x1D)

FWIW, here's the uboot patch I used, with two fixes:

- sts_str did not correspond to hab_statuses. It just happened to work out for HAB_FAILURE because it was in 2nd slot in both cases

- get_idx would fail to recognize the -1 and never end the loop

- even when it did, it didn't return idx but an out of range index; it should return the last string entry invalid at index -1 in the enum list.

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 664444bfea5e..cea4b78caaee 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -280,9 +280,10 @@ static char *rsn_str[] = {
 };
 
 static char *sts_str[] = {
-			  "STS = HAB_SUCCESS (0xF0)\n",
+			  "STS = HAB_ANY (0x00)\n",
 			  "STS = HAB_FAILURE (0x33)\n",
 			  "STS = HAB_WARNING (0x69)\n",
+			  "STS = HAB_SUCCESS (0xF0)\n",
 			  "STS = INVALID\n",
 			  NULL
 };
@@ -398,12 +399,12 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
 {
 	uint8_t idx = 0;
 	uint8_t element = list[idx];
-	while (element != -1) {
+	while (element != (uint8_t)-1) {
 		if (element == tgt)
 			return idx;
 		element = list[++idx];
 	}
-	return -1;
+	return idx;
 }

Thank you again for looking!

Harvey021 · ‎05-30-2022

Hi @martinetd

Please let me know what bsp version you have built with?

Have you Built OP-TEE to support DEK blob encapsulation?

And share your steps of what you have generated the dek_blob.

I have checked your csf files. The address of blob in CSF should not start with 1. It should be the specific location of blob in memory.

So please dump the the value of blob in your memory to share with us.

Best regards

Harvey

martinetd · ‎05-30-2022

Hi @Harvey021 ! Thank you for the reply.

> Please let me know what bsp version you have built with?

I'm using uboot/optee/imx-boot based on the lf-5.10.35-2.0.0 tag. It's not built with yocto, but versions and config are the same.

> Have you Built OP-TEE to support DEK blob encapsulation?

I have added the following settings for uboot as documented:

CONFIG_IMX_HAB=y
CONFIG_CMD_DEKBLOB=y
CONFIG_IMX_OPTEE_DEK_ENCAP=y
CONFIG_CMD_PRIBLOB=y

For optee, the documentation mentions `CFG_NXPCRYPT=y CFG_GEN_DEK_BLOB=y` but there is no mention of these variables in the code or build system -- the generated binary is the same regardless of these environment variables. The variables are present in the older BSP release of optee up to 5.4 (4.14.98_2.2.0, 4.19.35_1.1.0 and 5.4.y-1.0.0) -- do I need to use these older BSP or backport from these versions?

encrypted uboot works including second stage so I assume this part works without optee support? or is optee support needed once optee started?

> I have checked your csf files. The address of blob in CSF should not start with 1. It should be the specific location of blob in memory.

I'm sorry, I was fixing my csf generation script when I wrote this post and I pasted an old version with an incorrect blob address. It should read `Blob Address = 0x41581020` (that is, linux kernel load address + linux kernel size (padded) + ivt size as it is where I put the dek blob. the ivt is pointed at in hab_auth_img, csf pointed at through ivt, and dek blob pointed at through csf)

Are there restrictions to where the dek blob should be?

For confirmation there should be no difference other than Blob address from previous message but here are my csf again with the binary dump of the csf as well in case that helps.

$ cat Image.csf_linux_enc.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1-ecc-384//crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1-ecc-384//crts/CSF1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1-ecc-384//crts/IMG1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x1000 "../secureboot/Image_signing.bin"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "../secureboot/Image.dek_linux.bin"
    Key Length = 256
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x41527020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "../secureboot/Image_signing.enc"

$ cat Image.csf_linux_sign_enc.txt 
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../cst-3.3.1-ecc-384//crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install CSFK]
File = "../cst-3.3.1-ecc-384//crts/CSF1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
Verification index = 0
Target index = 2
File = "../cst-3.3.1-ecc-384//crts/IMG1_1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate Data]
Verification index = 2
Blocks = 0x40480000 0 0x10a7020 "../secureboot/Image_signing.enc"

[Unlock]
Engine = CAAM
Features = MID

[Install Secret Key]
    Verification Index = 0
    Target Index = 0
    Key = "../secureboot/Image.dek_linux.bin.dummy"
    Key Length = 256
    # Authenticate Start Address +  SPL & DDR FW image length + CSF Padding
    Blob Address = 0x41527020

[Decrypt Data]
    # The decrypt data command below causes CST to modify the input
    # file and encrypt the specified block of data. This image file
    # is a copy of the file used for the authentication command above
    Verification Index = 0
    Mac Bytes = 16
    # Start Address = Start Address + SPL header
    # Offset = Image offset (image_off) = 0x40
    # Decrypt size = Image length - SPL header
    Blocks = 0x40481000 0x1000 0xe68000 "../secureboot/Image_signing.enc.dummy"

$ xxd Image.csf_linux_sign_enc.bin
00000000: d400 7843 be00 0c00 0317 0000 0000 0078  ..xC...........x
00000010: be00 0c02 0900 0001 0000 022c ca00 0c00  ...........,....
00000020: 01c5 1d00 0000 042c be00 0c00 0900 0002  .......,........
00000030: 0000 058c ca00 1400 02c5 1d00 0000 078c  ................
00000040: 4048 0000 010a 7020 b200 081d 0000 0001  @H....p ........
00000050: be00 0c01 bb00 0000 4152 7020 ca00 1400  ........ARp ....
00000060: 00a3 1d00 0000 08ec 4048 1000 00e6 8000  ........@H......
00000070: b200 081d 0000 0002 d701 b440 e100 6c27  ...........@..l'
00000080: 0000 0080 4d00 0180 4d73 421e 1de2 837d  ....M...MsB....}
00000090: 040f 77c9 d980 0629 19a3 3927 14a0 0253  ..w....)..9'...S
000000a0: fb46 85f1 83cf 37d1 be71 d86a 428b 676d  .F....7..q.jB.gm
000000b0: 17ad 3abc a8fe adc5 22ac 8a01 fcfd 33e7  ..:.....".....3.
000000c0: f4a1 4095 6077 1a37 b33d a163 00fe b58b  ..@.`w.7.=.c....
000000d0: cb52 e1fb 8c51 37ff fad2 d9d0 6711 ab4e  .R...Q7.....g..N
000000e0: 45f2 7c7c a7c4 a8eb e100 6c27 0000 0080  E.||......l'....
000000f0: 4d00 0180 a4f9 1733 6ed5 08a3 a651 2f1d  M......3n....Q/.
00000100: 7592 6b3f 030f da8b 78eb 2e1d ed27 0729  u.k?....x....'.)
00000110: 783f f2b5 f038 1431 95d6 f257 fed1 d5d8  x?...8.1...W....
00000120: d4d1 9c2a 1e79 945c ceaf a4b8 f54d dc8c  ...*.y.\.....M..
00000130: fb80 1ac3 c42a 0a3c bfed bd8b c718 388c  .....*.<......8.
00000140: 74a9 167f d999 7c45 0386 104e 20ca f48c  t.....|E...N ...
00000150: f958 cec9 e100 6c27 0000 0080 4d00 0180  .X....l'....M...
00000160: 3d0f a150 8978 695e c96c 4849 cda1 b545  =..P.xi^.lHI...E
00000170: 2bd1 e9c0 83e4 f22f ec7f a629 f941 a306  +....../...).A..
00000180: e2db ab7b ebf8 a54e dff8 da1f 74fb fdd8  ...{...N....t...
00000190: b2c3 2cac eabb 3523 8fb9 6dc2 ac94 a11a  ..,...5#..m.....
000001a0: 0c4b ec05 6f35 288c 8fc0 55bb a884 a408  .K..o5(...U.....
000001b0: 1139 5ac9 7694 bf18 de3a d2f7 b492 ec79  .9Z.v....:.....y
000001c0: e100 6c27 0000 0080 4d00 0180 1188 3975  ..l'....M.....9u
000001d0: d9e6 5a2b 82ab 680f 4598 c207 5ecb aa21  ..Z+..h.E...^..!
000001e0: b740 6d4e 6aa2 6262 bbdc efb6 16ce e43f  .@mNj.bb.......?
000001f0: a2dc fe06 6f9e c42a bffc 2e30 70e0 dd25  ....o..*...0p..%
00000200: 1553 2261 b027 23de 71ad bf5a a9d5 aaf2  .S"a.'#.q..Z....
00000210: 3c25 026f 5f89 30fb 691b b0bf 2bea 5ebe  <%.o_.0.i...+.^.
00000220: b557 61c2 c6a1 ba2c d96d 082f d701 fe43  .Wa....,.m./...C
00000230: 3082 01f6 3082 017c a003 0201 0202 0101  0...0..|........
00000240: 300a 0608 2a86 48ce 3d04 0302 3026 3124  0...*.H.=...0&1$
00000250: 3022 0603 5504 030c 1b53 524b 315f 7368  0"..U....SRK1_sh
00000260: 6132 3536 5f73 6563 7033 3834 7231 5f76  a256_secp384r1_v
00000270: 335f 6361 301e 170d 3232 3034 3037 3033  3_ca0...22040703
00000280: 3539 3533 5a17 0d33 3230 3430 3430 3335  5953Z..320404035
00000290: 3935 335a 3029 3127 3025 0603 5504 030c  953Z0)1'0%..U...
000002a0: 1e43 5346 315f 315f 7368 6132 3536 5f73  .CSF1_1_sha256_s
000002b0: 6563 7033 3834 7231 5f76 335f 7573 7230  ecp384r1_v3_usr0
000002c0: 7630 1006 072a 8648 ce3d 0201 0605 2b81  v0...*.H.=....+.
000002d0: 0400 2203 6200 04dd 3712 c941 d052 1a5c  ..".b...7..A.R.\
000002e0: 39d8 0c0e 755c e788 4cd2 d5f5 3b2c 8f6f  9...u\..L...;,.o
000002f0: 3f2a a4a7 2e80 23aa 3776 81ff 1224 8860  ?*....#.7v...$.`
00000300: cf4c 53bb 5cc6 f104 df0d e210 c36a a77c  .LS.\........j.|
00000310: 031b 056c 6984 3aa9 a4bb bd73 c610 1dbd  ...li.:....s....
00000320: 25e8 f2fc c87a c08c 1dd0 828e 3f84 cb48  %....z......?..H
00000330: 672c 5744 ba34 1ca3 7b30 7930 0906 0355  g,WD.4..{0y0...U
00000340: 1d13 0402 3000 302c 0609 6086 4801 86f8  ....0.0,..`.H...
00000350: 4201 0d04 1f16 1d4f 7065 6e53 534c 2047  B......OpenSSL G
00000360: 656e 6572 6174 6564 2043 6572 7469 6669  enerated Certifi
00000370: 6361 7465 301d 0603 551d 0e04 1604 1467  cate0...U......g
00000380: 90aa 6394 3927 bebe e72e d119 e60d 9e03  ..c.9'..........
00000390: 8afb ac30 1f06 0355 1d23 0418 3016 8014  ...0...U.#..0...
000003a0: 8599 c1e9 012d 1403 6d57 be7e 5049 55a2  .....-..mW.~PIU.
000003b0: eb2f cac7 300a 0608 2a86 48ce 3d04 0302  ./..0...*.H.=...
000003c0: 0368 0030 6502 3100 950f affc ce37 a2df  .h.0e.1......7..
000003d0: 166a 0db1 f7ac 1613 91ca 731b c1f7 38ba  .j........s...8.
000003e0: d899 9c61 6a4f 014f b05e c906 dcb6 871e  ...ajO.O.^......
000003f0: c394 5c45 076e 93f7 0230 6f41 ac83 9c0e  ..\E.n...0oA....
00000400: cedb a9a6 c11d d67c 23d6 4932 2a52 7000  .......|#.I2*Rp.
00000410: 79af 60a1 ed06 f820 697f bdbb d96d 0fdc  y.`.... i....m..
00000420: 7657 6037 0460 1988 aa42 0000 d801 5f43  vW`7.`...B...._C
00000430: 3082 0157 0609 2a86 4886 f70d 0107 02a0  0..W..*.H.......
00000440: 8201 4830 8201 4402 0101 310d 300b 0609  ..H0..D...1.0...
00000450: 6086 4801 6503 0402 0130 0b06 092a 8648  `.H.e....0...*.H
00000460: 86f7 0d01 0701 3182 0121 3082 011d 0201  ......1..!0.....
00000470: 0130 2b30 2631 2430 2206 0355 0403 0c1b  .0+0&1$0"..U....
00000480: 5352 4b31 5f73 6861 3235 365f 7365 6370  SRK1_sha256_secp
00000490: 3338 3472 315f 7633 5f63 6102 0101 300b  384r1_v3_ca...0.
000004a0: 0609 6086 4801 6503 0402 01a0 6930 1806  ..`.H.e.....i0..
000004b0: 092a 8648 86f7 0d01 0903 310b 0609 2a86  .*.H......1...*.
000004c0: 4886 f70d 0107 0130 1c06 092a 8648 86f7  H......0...*.H..
000004d0: 0d01 0905 310f 170d 3232 3035 3331 3032  ....1...22053102
000004e0: 3031 3132 5a30 2f06 092a 8648 86f7 0d01  0112Z0/..*.H....
000004f0: 0904 3122 0420 261d 0ec6 56a9 2be6 162b  ..1". &...V.+..+
00000500: a22a b2e8 d49d af09 df67 20cb d118 ac95  .*.......g .....
00000510: 7dc1 d57e e9c8 300a 0608 2a86 48ce 3d04  }..~..0...*.H.=.
00000520: 0302 0467 3065 0230 2e95 388d b3ea 3ecf  ...g0e.0..8...>.
00000530: e812 a3d2 a192 56b0 f5c6 50bf fcc4 b0ba  ......V...P.....
00000540: 577b 1960 36ca c68e fc0d 32bb 0a93 f08b  W{.`6.....2.....
00000550: a979 b42c 1b6c 05e2 0231 00d0 9c34 937f  .y.,.l...1...4..
00000560: d420 a373 f7ac 2566 4fd1 8fd9 3e0b 6fac  . .s..%fO...>.o.
00000570: b6e1 d4bf 858b bfe3 65d6 2913 a93f b499  ........e.)..?..
00000580: 2be8 0e63 fb11 2732 59d8 3100 d701 fe43  +..c..'2Y.1....C
00000590: 3082 01f6 3082 017c a003 0201 0202 0102  0...0..|........
000005a0: 300a 0608 2a86 48ce 3d04 0302 3026 3124  0...*.H.=...0&1$
000005b0: 3022 0603 5504 030c 1b53 524b 315f 7368  0"..U....SRK1_sh
000005c0: 6132 3536 5f73 6563 7033 3834 7231 5f76  a256_secp384r1_v
000005d0: 335f 6361 301e 170d 3232 3034 3037 3033  3_ca0...22040703
000005e0: 3539 3533 5a17 0d33 3230 3430 3430 3335  5953Z..320404035
000005f0: 3935 335a 3029 3127 3025 0603 5504 030c  953Z0)1'0%..U...
00000600: 1e49 4d47 315f 315f 7368 6132 3536 5f73  .IMG1_1_sha256_s
00000610: 6563 7033 3834 7231 5f76 335f 7573 7230  ecp384r1_v3_usr0
00000620: 7630 1006 072a 8648 ce3d 0201 0605 2b81  v0...*.H.=....+.
00000630: 0400 2203 6200 0481 6d7f 36b3 9485 4ef1  ..".b...m.6...N.
00000640: 33b8 4c76 4377 8da3 29c5 3096 5e8a 6587  3.LvCw..).0.^.e.
00000650: ef63 d034 2256 bdcf 8893 086d 81c3 604f  .c.4"V.....m..`O
00000660: d560 e4d3 f1fe 5760 de47 383c da00 221e  .`....W`.G8<..".
00000670: 310b 9826 d39a 7488 123b 00dd 4dd1 f9a5  1..&..t..;..M...
00000680: 3156 e117 e281 237a d2fe c5be 0970 27cf  1V....#z.....p'.
00000690: 2cb4 abbf 60af 63a3 7b30 7930 0906 0355  ,...`.c.{0y0...U
000006a0: 1d13 0402 3000 302c 0609 6086 4801 86f8  ....0.0,..`.H...
000006b0: 4201 0d04 1f16 1d4f 7065 6e53 534c 2047  B......OpenSSL G
000006c0: 656e 6572 6174 6564 2043 6572 7469 6669  enerated Certifi
000006d0: 6361 7465 301d 0603 551d 0e04 1604 1463  cate0...U......c
000006e0: 8e52 8758 97c0 d388 1fe8 a20a f11f 89b5  .R.X............
000006f0: 20e7 c030 1f06 0355 1d23 0418 3016 8014   ..0...U.#..0...
00000700: 8599 c1e9 012d 1403 6d57 be7e 5049 55a2  .....-..mW.~PIU.
00000710: eb2f cac7 300a 0608 2a86 48ce 3d04 0302  ./..0...*.H.=...
00000720: 0368 0030 6502 3100 b985 7caa 3817 4480  .h.0e.1...|.8.D.
00000730: 46c1 f517 40c2 cb50 10f3 ee8c 14c2 9ae6  F...@..P........
00000740: 8438 4b2e 2018 dd2f a79b b58c bafb 3ac2  .8K. ../......:.
00000750: bf68 0716 158d 5831 0230 07ca a316 f8e4  .h....X1.0......
00000760: 329b c3fd c46e 6264 9e8a 0971 5330 bb69  2....nbd...qS0.i
00000770: 1a8a d70e 0965 d327 b476 b35b 75b0 a9fd  .....e.'.v.[u...
00000780: da47 abd1 38f6 0693 766e 0000 d801 5f43  .G..8...vn...._C
00000790: 3082 0157 0609 2a86 4886 f70d 0107 02a0  0..W..*.H.......
000007a0: 8201 4830 8201 4402 0101 310d 300b 0609  ..H0..D...1.0...
000007b0: 6086 4801 6503 0402 0130 0b06 092a 8648  `.H.e....0...*.H
000007c0: 86f7 0d01 0701 3182 0121 3082 011d 0201  ......1..!0.....
000007d0: 0130 2b30 2631 2430 2206 0355 0403 0c1b  .0+0&1$0"..U....
000007e0: 5352 4b31 5f73 6861 3235 365f 7365 6370  SRK1_sha256_secp
000007f0: 3338 3472 315f 7633 5f63 6102 0102 300b  384r1_v3_ca...0.
00000800: 0609 6086 4801 6503 0402 01a0 6930 1806  ..`.H.e.....i0..
00000810: 092a 8648 86f7 0d01 0903 310b 0609 2a86  .*.H......1...*.
00000820: 4886 f70d 0107 0130 1c06 092a 8648 86f7  H......0...*.H..
00000830: 0d01 0905 310f 170d 3232 3035 3331 3032  ....1...22053102
00000840: 3031 3132 5a30 2f06 092a 8648 86f7 0d01  0112Z0/..*.H....
00000850: 0904 3122 0420 c94e b3a2 7a54 b3ee a582  ..1". .N..zT....
00000860: 02c1 6e7b f445 942f 20d2 64a4 1d04 8760  ..n{.E./ .d....`
00000870: 95f7 af18 3164 300a 0608 2a86 48ce 3d04  ....1d0...*.H.=.
00000880: 0302 0467 3065 0231 0080 1367 70de e6d8  ...g0e.1...gp...
00000890: 1eae c81e e545 e7cc 082f acd4 0ac6 0527  .....E.../.....'
000008a0: 0d35 b50d 2e7b 70a0 ac8d 3344 8378 b77b  .5...{p...3D.x.{
000008b0: c782 e32c a3af f1e0 e002 300f 2cc5 418e  ...,......0.,.A.
000008c0: ee4d 7240 1c95 ef65 bb70 b4b2 d87b 2361  .Mr@...e.p...{#a
000008d0: 539d b2e7 accd 4d34 273b 93e7 64e4 c430  S.....M4';..d..0
000008e0: 296a a63f ae04 c557 df46 bb00 ac00 2443  )j.?...W.F....$C
000008f0: 000c 0010 0b87 f772 c9fb f3cb e4e4 d8c1  .......r........
00000900: 23c9 b260 542d b8a1 4779 cfca 1ef1 33f7  #..`T-..Gy....3.

> And share your steps of what you have generated the dek_blob.

It should match what I had described in my original post, here are the commands I used:

        cp "$OUT/Image_signing.bin" "$OUT/Image_signing.enc" \
                || error "Could not copy Image_signing.bin"
        "$CST/linux64/bin/cst" -i "$OUT/Image.csf_linux_enc.txt" -o "$OUT/Image.csf_linux_enc.bin" \
                || error "Could not sign csf linux enc"

        cp "$OUT/Image_signing.enc" "$OUT/Image_signing.enc.dummy" \
                || error "Could not copy Image_signing.bin.dummy"
        "$CST/linux64/bin/cst" -i "$OUT/Image.csf_linux_sign_enc.txt" -o "$OUT/Image.csf_linux_sign_enc.bin" \
                || error "Could not sign csf linux sign enc"
        rm -f "$OUT/Image_signing.enc.dummy" "$OUT/Image.dek_linux.bin.dummy"

        # copy encrypted nonce
        local offset_in offset_out
        offset_in=$(stat -c "%s" "$OUT/Image.csf_linux_enc.bin")
        [[ -n "$offset_in" ]] || error "Could not get csf_linux_enc.bin size"
        offset_in=$((offset_in - 36))
        offset_out=$(stat -c "%s" "$OUT/Image.csf_linux_sign_enc.bin")
        [[ -n "$offset_out" ]] || error "Could not get csf_linux_sign_enc.bin size"
        offset_out=$((offset_out - 36))

        echo "copying csf_linux_enc.bin $offset_in -> csf_linux_sign_enc.bin $offset_out 36 bytes"
        dd if="$OUT/Image.csf_linux_enc.bin" of="$OUT/Image.csf_linux_sign_enc.bin" \
                        status=none bs=36 count=1 \
                        iflag=skip_bytes oflag=seek_bytes \
                        skip="$offset_in" seek="$offset_out" \
                || error "Could not copy nonce/mac to csf_linux_sign_enc"

        # append csf to image
        cat "$OUT/Image.csf_linux_sign_enc.bin" >> "$OUT/Image_signing.enc" \
                || error "Could not append to $OUT/Image_signing.enc"

        # copy DEK at proper offset
        printf "linux DEK offset: %x\n" "$((linux_size + 0x20))"
        dd if="$OUT/Image.dek_linux.bin" of="$OUT/Image_signing.enc" \
                status=none seek=$((linux_size+0x20)) oflag=seek_bytes bs=4k conv=notrunc

after this, I copy the image to a fixed offset in /dev/mmcblk2boot0 and fix the dek blob:

# dek offset was 0x10a7020 and the image is 5MB inside the the device:
# printf "%x\n" $((5*2048+0x10a7020/512))
# ad38

u-boot=> mmc dev 2 1
u-boot=> mmc read 0x40800000 ad38 1
u-boot=> md 0x40800020  # non-transformed dek blob
40800020: 573df35e 4b27aa81 85a6d67c 564f8737    ^.=W..'K|...7.OV
40800030: a8864555 b5c0e31b 83434018 8eb87d32    UE.......@C.2}..
40800040: 00000000 00000000 00000000 00000000    ................
40800050: 00000000 00000000 00000000 00000000    ................
40800060: 00000000 00000000 00000000 00000000    ................
40800070: 00000000 00000000 00000000 00000000    ................
40800080: 437800d4 000c00be 00001703 78000000    ..xC...........x
40800090: 020c00be 01000009 2c020000 000c00ca    ...........,....
408000a0: 001dc501 2c040000 000c00be 02000009    .......,........
408000b0: 8c050000 001400ca 001dc502 8c070000    ................
408000c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
408000d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
408000e0: 001da300 ec080000 00104840 0080e600    ........@H......
408000f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
40800100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
40800110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S
u-boot=> cp 0x40800020 0x40400000 8
u-boot=> dek_blob 0x40400000 0x40800020 256
u-boot=> md 0x40800020  # actual dek blob
40800020: 43580081 00205566 15296475 dcaf95c8    ..XCfU .ud).....
40800030: 7a528b3c 23c74605 059adf2b 17719616    <.Rz.F.#+.....q.
40800040: 82a00a6b a3a5289b 8233afb8 02af2615    k....(....3..&..
40800050: 3625eeca fccbfc19 c6a57680 a05b734c    ..%6.....v..Ls[.
40800060: b923b5c4 27755513 046fa9ad 4ba3aa72    ..#..Uu'..o.r..K
40800070: 66e79cbc 2510cad4 00000000 00000000    ...f...%........
40800080: 437800d4 000c00be 00001703 78000000    ..xC...........x
40800090: 020c00be 01000009 2c020000 000c00ca    ...........,....
408000a0: 001dc501 2c040000 000c00be 02000009    .......,........
408000b0: 8c050000 001400ca 001dc502 8c070000    ................
408000c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
408000d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
408000e0: 001da300 ec080000 00104840 0080e600    ........@H......
408000f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
40800100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
40800110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S
u-boot=> mmc write 0x40800000 ad38 1

u-boot=> run loadimage
u-boot=> md 0x41527020 # correct blob address in csf
41527020: 43580081 00205566 15296475 dcaf95c8    ..XCfU .ud).....
41527030: 7a528b3c 23c74605 059adf2b 17719616    <.Rz.F.#+.....q.
41527040: 82a00a6b a3a5289b 8233afb8 02af2615    k....(....3..&..
41527050: 3625eeca fccbfc19 c6a57680 a05b734c    ..%6.....v..Ls[.
41527060: b923b5c4 27755513 046fa9ad 4ba3aa72    ..#..Uu'..o.r..K
41527070: 66e79cbc 2510cad4 00000000 00000000    ...f...%........
41527080: 437800d4 000c00be 00001703 78000000    ..xC...........x
41527090: 020c00be 01000009 2c020000 000c00ca    ...........,....
415270a0: 001dc501 2c040000 000c00be 02000009    .......,........
415270b0: 8c050000 001400ca 001dc502 8c070000    ................
415270c0: 00004840 20700a01 1d0800b2 01000000    @H....p ........
415270d0: 010c00be 000000bb 20705241 001400ca    ........ARp ....
415270e0: 001da300 ec080000 00104840 0080e600    ........@H......
415270f0: 1d0800b2 02000000 40b401d7 276c00e1    ...........@..l'
41527100: 80000000 8001004d 1e42734d 7d83e21d    ....M...MsB....}
41527110: c9770f04 290680d9 2739a319 5302a014    ..w....)..9'...S

So the dek blob is indeed written at the correct address in memory.

I have fixed hab event parsing (patch below), this is actually helpful as the second hab event actually makes sense (something in the caam engine failed) -- perhaps you can make more use of it than me. (10a7990 is the file size, 10a7000 is the offset to the ivt within the file.

u-boot=> hab_auth_img 0x40480000 10a7990 10a7000

Authenticate image from DDR location 0x40480000...

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
	0xdb 0x00 0x14 0x45 0x33 0x3a 0xc0 0x00
	0xbe 0x00 0x0c 0x01 0xbb 0x00 0x00 0x00
	0x41 0x52 0x70 0x20

STS = HAB_FAILURE (0x33)
RSN = INVALID
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
	0xdb 0x00 0x24 0x45 0x33 0x30 0xc0 0x1d
	0x10 0x02 0x11 0x22 0x40 0x00 0x08 0x16
	0x55 0x55 0x00 0x0f 0x00 0x10 0x20 0x00
	0x00 0x00 0x00 0x01 0x91 0x00 0x88 0x0e
	0x00 0x00 0x02 0x05

STS = HAB_FAILURE (0x33)
RSN = HAB_ENG_FAIL (0x30)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_CAAM (0x1D)

FWIW, here's the uboot patch I used, with two fixes:

- sts_str did not correspond to hab_statuses. It just happened to work out for HAB_FAILURE because it was in 2nd slot in both cases

- get_idx would fail to recognize the -1 and never end the loop

- even when it did, it didn't return idx but an out of range index; it should return the last string entry invalid at index -1 in the enum list.

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 664444bfea5e..cea4b78caaee 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -280,9 +280,10 @@ static char *rsn_str[] = {
 };
 
 static char *sts_str[] = {
-			  "STS = HAB_SUCCESS (0xF0)\n",
+			  "STS = HAB_ANY (0x00)\n",
 			  "STS = HAB_FAILURE (0x33)\n",
 			  "STS = HAB_WARNING (0x69)\n",
+			  "STS = HAB_SUCCESS (0xF0)\n",
 			  "STS = INVALID\n",
 			  NULL
 };
@@ -398,12 +399,12 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
 {
 	uint8_t idx = 0;
 	uint8_t element = list[idx];
-	while (element != -1) {
+	while (element != (uint8_t)-1) {
 		if (element == tgt)
 			return idx;
 		element = list[++idx];
 	}
-	return -1;
+	return idx;
 }

... with which CTX_FAB = 0xff starts matching the -1 used for end of list, so we need to switch it to another value or extend the type size...
I've switched to 0xfe which isn't used anywhere I could see, even if it's a bit ugly:

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index cea4b78caaee..583da4ed2fb2 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -329,7 +329,7 @@ static uint8_t hab_statuses[5] = {
 	HAB_FAILURE,
 	HAB_WARNING,
 	HAB_SUCCESS,
-	-1
+	0xFE
 };
 
 static uint8_t hab_reasons[26] = {
@@ -358,7 +358,7 @@ static uint8_t hab_reasons[26] = {
 	HAB_UNS_KEY,
 	HAB_UNS_PROTOCOL,
 	HAB_UNS_STATE,
-	-1
+	0xFE
 };
 
 static uint8_t hab_contexts[12] = {
@@ -373,7 +373,7 @@ static uint8_t hab_contexts[12] = {
 	HAB_CTX_AUT_DAT,
 	HAB_CTX_ASSERT,
 	HAB_CTX_EXIT,
-	-1
+	0xFE
 };
 
 static uint8_t hab_engines[16] = {
@@ -392,14 +392,14 @@ static uint8_t hab_engines[16] = {
 	HAB_ENG_HDCP,
 	HAB_ENG_RTL,
 	HAB_ENG_SW,
-	-1
+	0xFE
 };
 
 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
 {
 	uint8_t idx = 0;
 	uint8_t element = list[idx];
-	while (element != (uint8_t)-1) {
+	while (element != 0xFE) {
 		if (element == tgt)
 			return idx;
 		element = list[++idx];

well, it's not the problem here anyway, but it might help to have proper diagnostic.

Thanks again for looking!