i.MX8M Mini secure boot HAB errors

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX8M Mini secure boot HAB errors

Jump to solution
2,438 Views
craigmcqueenir
Contributor IV

I am working on a system based on i.MX8M Mini, Yocto kirkstone, U-Boot v2021.04. It is derived from the imx8mm-evk machine (in U-Boot v2021.04, the imx8mm-evk-qca-wifi machine).

I'm using meta-freescale branch kirkstone commit 2e785f257a, which in the imx-boot recipe uses imx-mkimage branch lf-5.15.5_1.0.0 commit 22346a32a8.

I have a complete working system, but I want to enable secure boot for U-Boot etc.

I've been following the instructions in the document doc/imx/habv4/guides/mx8m_secure_boot.txt in the U-Boot v2021.04 source code. As described in my other post i.MX8M Mini secure boot Yocto bbappend, I'm trying to use Yocto to build it.

I've reached the step 1.8 "Verifying HAB events". I do the hab_status command, but I get HAB errors:

 

 

U-Boot SPL 2021.04-imx_v2021.04_5.15.5-1.0.0+gf7b43f8b4c (Mar 01 2022 - 07:31:56 +0000)
power_bd71837_init
DDRINFO: start DRAM init
DDRINFO: DRAM rate 3000MTS
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
SEC0:  RNG instantiated
Normal Boot
Trying to boot from MMC2
hab fuse not enabled

Authenticate image from DDR location 0x401fcdc0...
NOTICE:  BL31: v2.4(release):lf-5.15.5-1.0.0-0-g05f788b9b-dirty
NOTICE:  BL31: Built : 05:49:10, Mar  2 2022


U-Boot 2021.04-imx_v2021.04_5.15.5-1.0.0+gf7b43f8b4c (Mar 01 2022 - 07:31:56 +0000)

CPU:   i.MX8MMQ rev1.0 1600 MHz (running at 1200 MHz)
CPU:   Industrial temperature grade (-40C to 105C) at 42C
Reset cause: POR
Model: ----
DRAM:  2 GiB
MMC:   FSL_SDHC: 1, FSL_SDHC: 2
Loading Environment from MMC... *** Warning - bad CRC, using default environment

Fail to setup video link
In:    serial
Out:   serial
Err:   serial
SEC0:  RNG instantiated

 BuildInfo:
  - ATF 05f788b

flash target is MMC:2
Fastboot: Normal
Normal Boot
Autoboot in 3 seconds; press SPACE to abort
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x3c 0x43 0x33 0x18 0xc0 0x00
        0xca 0x00 0x34 0x00 0x02 0xc5 0x1d 0x00
        0x00 0x00 0x0a 0x30 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
        0x00 0x0d 0x23 0x70 0x40 0x2d 0x23 0x70
        0x00 0x00 0xa3 0xca 0x00 0x92 0x00 0x00
        0x00 0x00 0xc0 0xc6 0xfe 0x00 0x00 0x00
        0x00 0x00 0x00 0x10

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

u-boot=>

 

 

 

If I understand what I've read elsewhere, this indicates that it's expecting a data block to be signed which is not. If I'm reading the data right, there are two blocks:

  • Address 0x401fddc0, size 0x20
  • Address 0x401fcdc0, size 0x04

I've got a csf_fit.txt which ends with the following:

 

 

 

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = \
        0x401fcdc0 0x57c00 0x1020 "imx-boot-machine-sd.bin-flash_evk", \
        0x40200000 0x5B000 0xD2370 "imx-boot-machine-sd.bin-flash_evk", \
        0x402D2370 0x12D370 0xA3CA "imx-boot-machine-sd.bin-flash_evk", \
        0x920000 0x13773C 0xC0C6 "imx-boot-machine-sd.bin-flash_evk", \
        0xFE000000 0x143804 0x10 "imx-boot-machine-sd.bin-flash_evk"

 

 

 

 Those blocks were derived from the mkimage output line sld hab block and print_fit_hab.sh as described in the above documentation.

So, what are these other blocks that the HAB seems to want to be signed too?

I found these other posts that are related, but don't answer my question:

Solved: HAB EVENT: HAB_INV_ASSERTION

How to get HAB Authenticate Data block address for i.MX 8M Mini in Yocto

Tags (2)
0 Kudos
Reply
1 Solution
2,371 Views
craigmcqueenir
Contributor IV

I've examined the above more closely, and found:

  • For the line
    0xFE000000 0x14380C 0x10
    both the load address and length are wrong. The load address can be fixed by reading the value of TEE_LOAD_ADDR from the build log. The length was wrong because I set BL31 to a symlink file, and the print_fit_hab.sh was reading the length of the symlink file itself (which is 16).
  • Once I fixed the above, I got a build error,
    Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData
    which could be fixed by specifying VERSION=v1 when running print_fit_hab.sh.
  • It looks as though the padding done by pad_image.sh needs to be accounted for. So I should specify the padded files when running print_fit_hab.sh. Unfortunately, the DTB file gets padded as evk.dtb, but then that padded file gets deleted at the end of the Yocto imx-boot recipe build process (in iMX8M/soc.mak).

 

 

# Hack for padding of DTB
cp ${BOOT_STAGING}/${UBOOT_DTB_NAME} ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
scripts/pad_image.sh ${BOOT_STAGING}/u-boot-nodtb.bin ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
if ${DEPLOY_OPTEE}; then
    export BL32=${BOOT_STAGING}/tee.bin
fi
FIT_HAB=$(VERSION=v1 \
    BL31=${BOOT_STAGING}/bl31.bin \
    BL33=${BOOT_STAGING}/u-boot-nodtb.bin \
    ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
    TEE_LOAD_ADDR=${TEE_LOAD_ADDR} \
    ${S}/iMX8M/print_fit_hab.sh \
    0x60000 ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad)

0x40200000 0x5AC00 0xD2370
0x402D2370 0x12CF70 0xA3D0
0x920000 0x137340 0xC0D0
0xBE000000 0x143410 0x77EA0

 

 

After the above changes, when I boot it and do hab_status at the U-Boot command prompt, it says

No HAB Events Found!

 

So I guess that's a success.

View solution in original post

0 Kudos
Reply
3 Replies
2,389 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @craigmcqueenir 

1, The ENGINE that you use is "ENG = HAB_ENG_ANY (0x00)", You need to change it in your csf file with CAAM. 

2, Please share the these files for further troubleshooting. 

- ivt of spl, - ivt of fit, - csf of spl, - csf of fit, - full log of imx-mkiamge generated, - full log of pring_fit_hab generated. 

 

Best regards

Harvey

0 Kudos
Reply
2,374 Views
craigmcqueenir
Contributor IV

- ivt of spl, - ivt of fit

Where do I find those?

 

- csf of spl

 

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    # Leave Job Ring and DECO master ID registers Unlocked
    Engine = CAAM
    Features = MID

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    # Blocks = 0x7e0fc0 0x0 0x2e200 "git/imx-boot-tv4000-sd.bin-flash_evk"
    Blocks = 0x7e0fc0 0x0 0x2e200 "imx-boot-tv4000-sd.bin-flash_evk"

 

 

- csf of fit

 

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = \
        0x401fcdc0 0x57c00 0x1020 "imx-boot-tv4000-sd.bin-flash_evk", \
        0x40200000 0x5B000 0xD2370 "imx-boot-tv4000-sd.bin-flash_evk", \
        0x402D2370 0x12D370 0xA3CA "imx-boot-tv4000-sd.bin-flash_evk", \
        0x920000 0x13773C 0xC0D0 "imx-boot-tv4000-sd.bin-flash_evk", \
        0xFE000000 0x14380C 0x10 "imx-boot-tv4000-sd.bin-flash_evk"

 

 

 - full log of imx-mkimage generated,

I'm using the Yocto imx-boot recipe, which has this in the build log temp/log.do_compile:

 

NOTE: building iMX8MM -  flash_evk
26266+0 records in
26266+0 records out
105064 bytes (105 kB, 103 KiB) copied, 0.0474495 s, 2.2 MB/s
./../scripts/dtb_check.sh imx8mm-evk.dtb evk.dtb imx8mm-evk-qca-wifi.dtb
Use u-boot DTB: imx8mm-evk-qca-wifi.dtb
./../scripts/pad_image.sh tee.bin
tee.bin is padded to 491168
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 49360
./../scripts/pad_image.sh u-boot-nodtb.bin evk.dtb
u-boot-nodtb.bin + evk.dtb are padded to 902976
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh evk.dtb > u-boot.its
bl31.bin size: 
49360
Building with TEE support, make sure bl31.bin is compiled with spd. If you do not want tee, please delete tee.bin
tee.bin size: 
491168
u-boot-nodtb.bin size: 
861040
evk.dtb size: 
41936
mkimage -E -p 0x3000 -f u-boot.its u-boot.itb
FIT description: Configuration to load ATF before U-Boot
Created:         Wed Dec 15 16:24:03 2021
 Image 0 (uboot-1)
  Description:  U-Boot (64-bit)
  Created:      Wed Dec 15 16:24:03 2021
  Type:         Standalone Program
  Compression:  uncompressed
  Data Size:    861040 Bytes = 840.86 KiB = 0.82 MiB
  Architecture: AArch64
  Load Address: 0x40200000
  Entry Point:  unavailable
 Image 1 (fdt-1)
  Description:  evk
  Created:      Wed Dec 15 16:24:03 2021
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    41936 Bytes = 40.95 KiB = 0.04 MiB
  Architecture: Unknown Architecture
 Image 2 (atf-1)
  Description:  ARM Trusted Firmware
  Created:      Wed Dec 15 16:24:03 2021
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    49360 Bytes = 48.20 KiB = 0.05 MiB
  Architecture: AArch64
  OS:           ARM Trusted Firmware
  Load Address: 0x00920000
 Image 3 (tee-1)
  Description:  TEE firmware
  Created:      Wed Dec 15 16:24:03 2021
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    491168 Bytes = 479.66 KiB = 0.47 MiB
  Architecture: AArch64
  OS:           Unknown OS
  Load Address: 0xbe000000
 Default Configuration: 'config-1'
 Configuration 0 (config-1)
  Description:  evk
  Kernel:       unavailable
  Firmware:     uboot-1
  FDT:          fdt-1
  Loadables:    atf-1
                tee-1
./mkimage_imx8 -version v1 -fit -loader u-boot-spl-ddr.bin 0x7E1000 -second_loader u-boot.itb 0x40200000 0x60000 -out flash.bin
Platform:	i.MX8M (mScale)
ROM VERSION:	v1
Using FIT image
LOADER IMAGE:	u-boot-spl-ddr.bin start addr: 0x007e1000
SECOND LOADER IMAGE:	u-boot.itb start addr: 0x40200000 offset: 0x00060000
Output:		flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 		0x0
header.length: 		0x0
header.version: 	0x0
entry: 			0x0
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x0
self: 			0x0
csf: 			0x0
reserved2: 		0x0
boot_data.start: 	0x0
boot_data.size: 	0x0
boot_data.plugin: 	0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 		0x0
header.length: 		0x0
header.version: 	0x0
entry: 			0x0
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x0
self: 			0x0
csf: 			0x0
reserved2: 		0x0
boot_data.start: 	0x0
boot_data.size: 	0x0
boot_data.plugin: 	0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 		0xd1
header.length: 		0x2000
header.version: 	0x41
entry: 			0x7e1000
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x7e0fe0
self: 			0x7e0fc0
csf: 			0x80f1c0
reserved2: 		0x0
boot_data.start: 	0x7e0bc0
boot_data.size: 	0x30660
boot_data.plugin: 	0x0
========= OFFSET dump =========
Loader IMAGE:
 header_image_off 	0x0
 dcd_off 		0x0
 image_off 		0x40
 csf_off 		0x2e200
 spl hab block: 	0x7e0fc0 0x0 0x2e200

Second Loader IMAGE:
 sld_header_off 	0x57c00
 sld_csf_off 		0x58c20
 sld hab block: 	0x401fcdc0 0x57c00 0x1020

 

 

- full log of pring_fit_hab generated

 

if ${DEPLOY_OPTEE}; then
    export BL32=${DEPLOY_DIR_IMAGE}/tee.bin
fi
FIT_HAB=$(BL31=${BOOT_STAGING}/bl31.bin \
    BL33=${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/u-boot-nodtb.bin-${MACHINE}-${UBOOT_CONFIG} \
    ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
    ${S}/iMX8M/print_fit_hab.sh \
    0x60000 ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${UBOOT_DTB_NAME})

0x40200000 0x5B000 0xD2370
0x402D2370 0x12D370 0xA3CA
0x920000 0x13773C 0xC0D0
0xFE000000 0x14380C 0x10

 

 

One bit I'm a little unsure of, is the padding of the various images done by pad_image.sh. I'm not sure why it's done. Perhaps when I call print_fit_hab.sh, I need to refer to the padded BL31, BL32, BL33 etc rather than the original ones.

0 Kudos
Reply
2,372 Views
craigmcqueenir
Contributor IV

I've examined the above more closely, and found:

  • For the line
    0xFE000000 0x14380C 0x10
    both the load address and length are wrong. The load address can be fixed by reading the value of TEE_LOAD_ADDR from the build log. The length was wrong because I set BL31 to a symlink file, and the print_fit_hab.sh was reading the length of the symlink file itself (which is 16).
  • Once I fixed the above, I got a build error,
    Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData
    which could be fixed by specifying VERSION=v1 when running print_fit_hab.sh.
  • It looks as though the padding done by pad_image.sh needs to be accounted for. So I should specify the padded files when running print_fit_hab.sh. Unfortunately, the DTB file gets padded as evk.dtb, but then that padded file gets deleted at the end of the Yocto imx-boot recipe build process (in iMX8M/soc.mak).

 

 

# Hack for padding of DTB
cp ${BOOT_STAGING}/${UBOOT_DTB_NAME} ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
scripts/pad_image.sh ${BOOT_STAGING}/u-boot-nodtb.bin ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
if ${DEPLOY_OPTEE}; then
    export BL32=${BOOT_STAGING}/tee.bin
fi
FIT_HAB=$(VERSION=v1 \
    BL31=${BOOT_STAGING}/bl31.bin \
    BL33=${BOOT_STAGING}/u-boot-nodtb.bin \
    ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
    TEE_LOAD_ADDR=${TEE_LOAD_ADDR} \
    ${S}/iMX8M/print_fit_hab.sh \
    0x60000 ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad)

0x40200000 0x5AC00 0xD2370
0x402D2370 0x12CF70 0xA3D0
0x920000 0x137340 0xC0D0
0xBE000000 0x143410 0x77EA0

 

 

After the above changes, when I boot it and do hab_status at the U-Boot command prompt, it says

No HAB Events Found!

 

So I guess that's a success.

0 Kudos
Reply