We are implementing High Assurance Boot om i.MX6ULL. Everything seems to be working with EMMC as well as blank boards. Thus, we have been able to boot u-boot via SDP even in "closed" mode. I have modified u-boot to start interactive shell, and confirmed that there are no events:
U-Boot 2020.04-5.4.70-2.3.3+g3045fd84 (Dec 29 2023 - 17:07:49 +0000)
CPU: i.MX6ULL rev1.1 792 MHz (running at 396 MHz)
CPU: Industrial temperature grade (-40C to 105C) at 41C
Reset cause: POR
Model: i.MX6 ULL 14x14 EVK Board
Board: MX6ULL 14x14 EVK
DRAM: 512 MiB
MMC: FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from MMC... OK
In: serial
Out: serial
Err: serial
switch to partitions #0, OK
mmc1(part 0) is current device
flash target is MMC:1
No ethernet found.
Fastboot: Normal
Boot from USB for mfgtools
*** Warning - Use default environment for mfgtools
, using default environment
Run bootcmd_mfg: run mfgtool_args;if iminfo ${initrd_addr}; then if test ${tee} = yes; then bootm ${tee_addr} ${initrd_addr} ${fdt_addr}; else bootz ${loadaddr} ${initrd_addr} ${fdt_addr}; fi; else echo "Run fastboot ...";fi;
Hit any key to stop autoboot: 0
## Checking Image at 86800000 ...
Unknown image format!
Run fastboot ...
=> hab_status
Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!
Then, I flashed an u-boot version without HAB/CSF signing to EMMC. The CPU now fallbacks to SDP mode:
Path Chip Pro Vid Pid BcdVersion
==================================================
1:1 MX6ULL SDP: 0x15A2 0x0080 0x0001
However, it is now impossible to boot via SDP using uuu:
uuu SDP: boot -f u-boot.imx
The download succeeds, but the command then hangs. Thus, the device is essentially "bricked". This has been confirmed on two devices.
I have read the section on closed devices in the uuu documentation. If I understand it correctly, it should be sufficient to sign the DCD area, which I have done:
[Authenticate Data]
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877ff400 0x00000000 0x00074c00 "u-boot-unsigned.imx", \
0x00910000 0x0000002c 0x000001e8 "u-boot-unsigned.imx"
I have also tried clearing the DCD before signing, as described on many places. And after all, boot via SDP does work when the EMMC is "blank" (start filled with zeroes).
Why is it not possible to boot via SDP when EMMC contains unsigned u-boot? I have read https://github.com/nxp-imx/mfgtools/issues/235 but the conclusion does not really match the "uuu" documentation, which says that no special DCD "nulling" needs to be performed on i.MX6ULL. Also, it does not say anything about signing a 3rd IVT section - is that really needed?
I created another signed version of u-boot, which only signs the HAB Blocks and no DCD Blocks. Then I was able to boot u-boot via SDP using:
uuu SDP: write -f u-boot.imx -ivt 0
uuu SDP: jump -f u-boot.imx
Unfortunately, even though flashing via "uuu -b emmc" or "uuu -b emmc_all" works fine, the device still cannot boot on its own.
I also tried clearing the boot partitions from Linux. This gave another effect: The write/jump commands above no longer works, but instead a "normal" boot works:
uuu SDP: boot -f u-boot.imx
But after trying flash of entire MMC again, I am back to the state where write/jump are needed. Apparently, the method depends on if the MMC boot partitions are blank or not.
In any case, how can I make the device boot from MMC again?