i.MX8MQ HAB events with wrong header

BELOUARGA · ‎01-10-2023

I have a serious problem with HAB on i.MX8MQ, I signed the u-boot and the kernel by following the NXP documentation, so it seems to me that u-boot is well signed, but I have a weird behavior when I try to authenticate the kernel.

The event doesn’t appear when I call hab_auth_img, but if I call hab_status two times, I have one event with wrong header and without sens.

my laodaddr is 0x40480000, the size of the kernel 0x1a06960

I load the Image, here is the prompt from u-boot :

u-boot=> run loadimage

27289952 bytes read in 643 ms (40.5 MiB/s)
u-boot=> hab_auth_img 0x40480000 0x1a06960 0x1a05000

hab fuse not enabled

Authenticate image from DDR location 0x40480000…

Secure boot disabled

HAB Configuration: 0x00, HAB State: 0x00
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0x00, HAB State: 0x00
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0x00, HAB State: 0x00

——— HAB Event 1 —————–
event data:
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0xb0 0x0a 0x94 0xbf 0x00 0x00 0x00 0x00
0x00 0x00 0x48 0x40 0x00 0x00 0x00 0x00
0x60 0x69 0xa0 0x01 0x00 0x00 0x00 0x00
0x70 0x40 0x91 0xbf 0x00 0x00 0x00 0x00
0x34 0x51 0xf4 0xbf 0x00 0x00 0x00 0x00
0x85 0x51 0xfa 0xbf 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x70 0x40 0x91 0xbf 0x00 0x00 0x00 0x00
0x6c 0x51 0xf4 0xbf 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x20 0x1f 0x92 0xbf 0x00 0x00 0x00 0x00

STS = HAB_SUCCESS (0xF0)
RSN = HAB_RSN_ANY (0x00)
CTX = HAB_CTX_ANY(0x00)
ENG = HAB_ENG_ANY (0x00)

u-boot=>

For me an hab event should start by a Tag: 0xdb = Event, but here it starts with 0x00, secondly it shows a HAB_SUCCESS (0xF0).

I think that U-boot verification is well done because it is verified by ROM code and SPL, that means they are in EL3.

Nevertheless, U-BOOT is EL2, therefore it calls SMC to make a call for the ROM code through ARM Trusted firmware (BL31).

We think that the problem could come from the interface between u-boot and ATF.

For information, fuses are already programmed.

My question are :

why U-boot is displaying a HAB event data that doesn’t respect the datasheet of HAB ?
why we get a HAB event only at the second call, not at the first ?

BELOUARGA · ‎01-19-2023

Thank you @utkarsh_gupta , for your answer but imx8 was not in FAB state. It was a problem of communication between ATF and U-boot proper. The SPL was showing me correct informations but not U-boot(After adding a patch to SPL so the SPL shows the HAB state).

To correct this problem, I simply added OP-TEE, I think it's more a problem of BSP of the board, than a problem related to HAB.

Thank you

在原帖中查看解决方案

BELOUARGA · ‎01-19-2023

Thank you @utkarsh_gupta , for your answer but imx8 was not in FAB state. It was a problem of communication between ATF and U-boot proper. The SPL was showing me correct informations but not U-boot(After adding a patch to SPL so the SPL shows the HAB state).

To correct this problem, I simply added OP-TEE, I think it's more a problem of BSP of the board, than a problem related to HAB.

Thank you

utkarsh_gupta · ‎01-11-2023

The part you are dealing with seems to be in FAB state, please procure parts which are in OPEN state are retry security.