iMX6 Solo High Assurance Boot

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX6 Solo High Assurance Boot

Jump to solution
1,933 Views
danielberhe
Contributor IV

Hi All,

I'm trying to implement secure boot on a custom imx6 solo board. I read CST_UG.pdf that came with Code Signing Tool 3.1.0 and generated the HAB4 keys and certificates. I then programmed the SRK hash values to efuses. I created a CSF description file (see attachment uboot.csf) and attempted to sign my uboot image uboot.imx. The first problem I saw was that signing the the uboot.imx failed with "Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData" error. This didn't make a lot of sense because I used the the 'HAB Blocks' values from u-boot.imx.log for the authenticate data command blocks line. I then tried tried replacing the size with the actual size of uboot.imx which seemed to fix this particular issue.

I then updated the board with the signed uboot image and checked for HAB events by running 'hab_status' and found 5 events (see hab_status.txt). I have had a look at 'Appendix A: Interpreting HAB Event Data' section of the HAB reference manual. The first event looks to be an invalid address error and the rest are invalid assertion errors. Sadly this didn't help me understand the problems enough to come up with a fix. I also tried the hab_log_parser executable (see hab_log_parsed.txt) in an attempt to understand the problem better but that didn't help much.

I am running uboot version v2019.10.

Can someone please help in resolving this issue?

Daniel

Labels (3)
0 Kudos
Reply
1 Solution
1,927 Views
danielberhe
Contributor IV

I managed to solve both the "Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData" error and the hab events I was seeing in uboot by padding my unsigned image so that it matched the size reported in u-boot.imx.log before signing it.

 

Daniel

View solution in original post

0 Kudos
Reply
1 Reply
1,928 Views
danielberhe
Contributor IV

I managed to solve both the "Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData" error and the hab events I was seeing in uboot by padding my unsigned image so that it matched the size reported in u-boot.imx.log before signing it.

 

Daniel

0 Kudos
Reply