- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX フォーラム
- :
- i.MXプロセッサ
- :
- Re: iMX280 signed HAB boot issues
iMX280 signed HAB boot issues
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello!
I'm trying to get secure and encrypted boots working with the iMX280. My current setup consists of loading the bootloader through USB, and then burning it to a NAND chip. There is no SD card reader on the board. Using the ltib build system, with linux kernel 2.6.35.3 and u-boot 2009.08.
Currently, I'm following a mix of AN4555 and this post: https://community.freescale.com/thread/317254 . After updating the .bd files and source files with the patches, and some other minor tweaks, I've got both the ivt_linux and ivt_uboot building, and the ivt_linux build works properly, while the ivt_uboot fails after power/boot prep with "0x8050100c" when trying to do the final jump into u-boot. However, on a board that I have burned the SRK into, along with burning HAB_CONFIG OTP field to HAB_CLOSED, I get the following error on boot (for both u-boot and linux ivts):
HTLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLFLC0x8050100f
0x80508002
Which looks like the board is loading everything up until the call to power_prep, and then being unable to find the bootlets, it reverts to the expected 0x80508002 error at not being able to find a boot source.
Before burning the OTP fuses I received no HAB errors, though I'm not sure if this is because it was truly error-free, or if there was a mistake in setting up the error reporting.
Are these errors popping up due to incorrectly signing the bootlets? Or maybe a problem with burning the OTP fuses incorrectly (with incorrect values, the process works properly)? Or is it a matter of mapping the bootlet sections incorrectly in the .bd/linker files? I have a feeling that's the issue with the u-boot booting at least, but I'm at a loss for the linux boot.
Any help is appreciated!
Thank you,
Jeff M.
解決済! 解決策の投稿を見る。
fabio_estevam
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
According to this post on the U-boot list:
https://www.mail-archive.com/u-boot@lists.denx.de/msg193810.html
version 2.0 should be used instead.
Regards,
Fabio Estevam
Yuri
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello,
What version of the CST tool is used in the case ?
Looks like the 2.3 release does not fully support the i.MX28.
Would You please try the release 2.2
Have a great day,
Yuri
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
fabio_estevam
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
According to this post on the U-boot list:
https://www.mail-archive.com/u-boot@lists.denx.de/msg193810.html
version 2.0 should be used instead.
Regards,
Fabio Estevam
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi Fabio,
Thank you for recommending v2.0.0 for the code-signing tool. After switching to it, I still had various issues, but it helped isolate my focus away from the tool, and more towards what I was doing.
For the changes I had to do after swapping the tool:
1) For u-boot, there were a couple of files that we were using that were named separately from the default files, and hence weren't properly patched. After updating these files, the new CST worked properly, as per Shaojun's directions in the forum post here: Mx28 Secure Boot .
2) For the Linux bootlets, my linker file was improperly modified for the hab section. After moving the hab section to the proper area, and rebuilding the kernel, my board now properly boots, even with the SRK fuses burned and the secure boot mode set to closed.
Thank you for everything!
-Jeff M.
