i.MX28 HAB Secure Boot Chain

Hi Yuri,

I have referred "i.MX_6_Linux_High_Assurance_Boot_(HAB)_User's_Guide.pdf"  and uboot code of i.MX6, I have found follow code in uboot:

#ifdef CONFIG_SECURE_BOOT

/* -------- start of HAB API updates ------------*/

#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)

#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)

#define hab_rvt_authenticate_image \

  ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)

#define hab_rvt_entry ((hab_rvt_entry_t *) HAB_RVT_ENTRY)

#define hab_rvt_exit ((hab_rvt_exit_t *) HAB_RVT_EXIT)

#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT

#define OCOTP_CFG5_OFFSET 0x460

#define IVT_SIZE 0x20

#define ALIGN_SIZE 0x1000

#define CSF_PAD_SIZE 0x2000

/*

* +------------+  0x0 (DDR_UIMAGE_START) -

* |   Header   |                          |

* +------------+  0x40                    |

* |            |                          |

* |            |                          |

* |            |                          |

* |            |                          |

* | Image Data |                          |

* .            |                          |

* .            |                           > Stuff to be authenticated ----+

* .            |                          |                                |

* |            |                          |                                |

* |            |                          |                                |

* +------------+                          |                                |

* |            |                          |                                |

* | Fill Data  |                          |                                |

* |            |                          |                                |

* +------------+ Align to ALIGN_SIZE      |                                |

* |    IVT     |                          |                                |

* +------------+ + IVT_SIZE              -                                 |

* |            |                                                           |

* |  CSF DATA  | <---------------------------------------------------------+

* |            |

* +------------+

* |            |

* | Fill Data  |

* |            |

* +------------+ + CSF_PAD_SIZE

*/

........

I know above definition are about the HAB API. In uboot, we could call these functions to validate the signed kernel.

BUT I don't know these mechanism whether are applied to i.MX28.

Thanks,

Gary

Hello,

1.

Please take a look at section 12.7.1 (ROM Vector Table Addresses).

2.

Sorry, but the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this with you in public anyway, this requires to be handled as a Service Request (SR). Be aware that to give you remote support through a SR, we will still need the confirmation of a Freescale employee that the NDA is in place. If you want to go this route, the next steps will be: If you have already signed a NDA agreement for this product, please contact the person who assisted you or create a SR and name us a Freescale person that can confirm this. If you have not signed an agreement, please contact your local Freescale Distributor Salesperson or FAE for assistance. For a listing of our distributors, refer to: http://www.freescale.com/webapp/sps/site/overview.jsp?code=DISTRIBUTORS

Have a great day,
(my name)

-------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-------------------------------------------------------------------------------

Hi Yuri,

Thank you very much, I will contact the FAE.

Regards,

Gary

Hi Yuri,

Thanks for your answer,I try to think of other way.

Regards,

Gary