I can't seem to find definitive information on what the cause may be to the HAB Event error of (0x22) or HAB_INV_ADDRESS.
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)
Can anyone help point me to the proper documentation?
I've gone through AN4581.pdf and HAB4_API.pdf and HABCST_UG.pdf.
Here's some further info about my setup.
Here's my CSF:
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = SW
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0 # Index of the key location in the SRK table to be installed
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
Engine = CAAM
Features = RNG
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877ff400 0x0 0x074000 "./u-boot-padded.imx"
my u-boot.imx is 0x73c00 in size padded to 0x74000 using the documented objcopy command:
objcopy -I binary -O binary --pad-to 0x74000 --gap-fill=0x5A u-boot.imx u-boot-padded.imx
IVT looks like:
> xxd -g 4 -l 48 u-boot-signed.imx
0000000: d1002040 00008087 00000000 2cf47f87 .. @........,...
0000010: 20f47f87 00f47f87 00308787 00000000 ........0......
0000020: 00f07f87 00600700 00000000 d201e040 .....`.........@
Any help/pointers/tips to get me going in the right direction would be greatly appreciated. Thanks!
Solved! Go to Solution.
Actually, now that I look back at the thread, I think I know why it didn't work. :smileyhappy:
Whatever instructions I read, had them padding the u-boot.imx. That doesn't make sense because the CSF goes at the end of it and the start address of the CSF is IN the IVT. If you pad u-boot, that'll push the CSF beyond where the IVT says it is!!
This time around, I didn't pad the u-boot blob. I'm not 100% certain, but i'm fairly confident that's why it didn't work the first time around.
Thanks again!
Thanks Yuri, I'll check out that thread and see if that affects me. I realized, maybe I should attach the full HAB events, just in case:
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe0
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
Thanks!
Hello,
Appendix A (Interpreting HAB Event Data from Report_Event() API) of the “HAB4_API.pdf”
in the CST package should be used to analyze HAB Events.
As for reason "HAB_INV_ADDRESS (0x22) Invalid address: access denied",
please check if initialization via DCD table meet allowed addresses.
Please take a look at Table 8-31 (Valid DCD Address Ranges) in the i.MX 6UltraLite
Reference Manual, Rev. 1, 04/2016.
Have a great day,
Yuri
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------