ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

i.MX Security Reference Design Clarification Questions

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

i.MX Security Reference Design Clarification Questions

ソリューションへジャンプ
‎04-11-2024 07:31 PM
2,189件の閲覧回数
moose
Contributor IV

Hello,

We implemented the security reference design described in section 10.9 of i.MX Linux User's Guide. Our custom board is based on the imx8mn_evk machine, and the image complies and boots successfully. However, we have questions based on the security-related messages we see during boot (see attached screenshot):

  1. Does "No HAB Events Found!" message mean a successful image authentication?
  2. Does the meta-secure-boot layer automatically program the SRK tabe hash fuse, or do we need to do this ourselves?
  3. We think we have to program the SRK hash fuse ourselves, but if that is the case, how come we got a successful authentication (assuming "No HAB Events Found!" means successful authentication)?
  4. We tried to read the SRK hash fuse (fuse 0x580 [256 bits]) to verify, but we always read zeros using uboot `fuse read` command. Is there a way to read this fuse?

Thank you,

ラベル(2)
ファイルをプレビュー
58 KB
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎04-18-2024 07:58 AM
1,260件の閲覧回数
moose
Contributor IV

After some troubleshooting, the answers are summarized below:

  1. Yes
  2. No
  3. Because HAB 4.1.2 and higher only perform a hash check if SRK keys are not zeros. In this case, the SRK fuse was not programmed, defaulting to zero and, therefore, bypassing the hash check. This is only supported by the table posted below from @Harvey021. I can't find it in AN4581, but it matches what we are experiencing. @Harvey021, could you post the source of that table?
  4. A reset is required to read the fuse; otherwise, it reads zero.

The combination of 3 and 4 made us doubt if we had a proper image before closing the device. We really wanted to see an intentional authentication failure. The only way to do this is to program the fuse and then generate an image with a different SRK table. Then, you will get the authentication failure messages as shown below.

moose_0-1713452190205.png

 

 

元の投稿で解決策を見る

0 件の賞賛
返信
8 返答(返信)

ソリューションへジャンプ
‎04-12-2024 09:14 PM
2,139件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Hi, 

HAB (some versions and open device) won't compare SRK table against fuses when fuses are 0's. That is correct, we have to burn SRK hash. 

Without burning SRK hash, we will not get complete authentication. I think that the reference from Linux User guide mainly focus on the image signing with automation with Yocto build.

 

Regards

Harvey

0 件の賞賛
返信

ソリューションへジャンプ
‎04-13-2024 06:22 AM
2,126件の閲覧回数
moose
Contributor IV

This response confirms that the meta-secure-boot layer provided in the security reference design dose not program the SRK fuse and we would have to do it ourselves. Based on this clarification how come we are passing authentication when the fuse is all zero?

The statement “HAB (some versions and open device) won't compare SRK table against fuses when fuses are 0's.” does not agree with the statement “All HAB functions are executed as for a closed device.” mentioned in section 6.1.2.5 in imx8mn reference manual. Can you clarify?

No answers were given to questions 1 and 4. Could you please provide answers. 

thank you.

0 件の賞賛
返信

ソリューションへジャンプ
‎04-15-2024 07:46 PM
2,074件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Q1, correct. 

Q4, zeros means that there are no fuses hash burned.

 

Regards

Harvey

0 件の賞賛
返信

ソリューションへジャンプ
‎04-15-2024 07:50 PM
2,072件の閲覧回数
moose
Contributor IV

Please answer, "Based on this clarification, how come we are passing authentication when the fuse is all zero?"

Also, we attempted to program the fuse using uboot fuse commands, but we are still reading zeros.

0 件の賞賛
返信

ソリューションへジャンプ
‎04-16-2024 04:56 PM
2,044件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Please refer to the AN4581.

Harvey021_1-1713311792096.png

 

Regards

Harvey

0 件の賞賛
返信

ソリューションへジャンプ
‎04-17-2024 12:58 PM
1,988件の閲覧回数
moose
Contributor IV

@Harvey021, where did you get the table you copied (5.5.1)? This was not included in AN4581.We are familiar with AN4581, but it does not provide answers to our issue.

Have you attempted secure boot on imx8mn EVK? Were you able to read back the SRK fuse after programming, or did you get zeros as well? 

0 件の賞賛
返信

ソリューションへジャンプ
‎04-17-2024 03:33 PM
1,943件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

AN4581:

i.MX Secure Boot on HABv4 Supported Devices (nxp.com)

Or search "AN4581" from nxp.com

 

Have you reset the board before read it?  Please share more details about how you program SRK fuse hashs.

 

Regards

Harvey

0 件の賞賛
返信

ソリューションへジャンプ
‎04-18-2024 07:58 AM
1,261件の閲覧回数
moose
Contributor IV

After some troubleshooting, the answers are summarized below:

  1. Yes
  2. No
  3. Because HAB 4.1.2 and higher only perform a hash check if SRK keys are not zeros. In this case, the SRK fuse was not programmed, defaulting to zero and, therefore, bypassing the hash check. This is only supported by the table posted below from @Harvey021. I can't find it in AN4581, but it matches what we are experiencing. @Harvey021, could you post the source of that table?
  4. A reset is required to read the fuse; otherwise, it reads zero.

The combination of 3 and 4 made us doubt if we had a proper image before closing the device. We really wanted to see an intentional authentication failure. The only way to do this is to program the fuse and then generate an image with a different SRK table. Then, you will get the authentication failure messages as shown below.

moose_0-1713452190205.png

 

 

0 件の賞賛
返信