iMX6Q signed u-boot in closed configuration unstable booting

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

iMX6Q signed u-boot in closed configuration unstable booting

1,279 次查看
evgenymolchanov
Contributor III

Hi all,

I have custom board with iMX6Q and I need to close it.

I generate all necessary files with cst-2.3.2 and burn SRK HASH to eFuses with MFGTools.

After signing u-boot(Android 4.4.3) I have checks what No HAB event occured:

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

and I close device with command: fuse prog 0 6 0x00000002

after reset board starts and in console:

Secure boot enabled                                                                          
                                                                                             
HAB Configuration: 0xcc, HAB State: 0x99                                                     
No HAB Events Found!                                                                         

I am trying different boot devices: SD, eMMC and SPI. But sometimes board doesn't boot!!!

Here is my u-boot.csf:

[Header]
Version = 4.0
Hash Algorithm = SHA256
Engine = Any
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source Index = 0
Hash Algorithm = sha256

[Install CSFK]
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
Certificate Format = X509

[Authenticate CSF]
[Install Key]
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
Verification Index = 0
Target Index = 2
Certificate Format = X509

[Authenticate Data]
Blocks = 0x177FF400 0x0 0xafc00 "u-boot-pad.imx"
Verification Index = 2

Here is u-boot.imx hexdump:

00000000  d1 00 20 40 00 00 80 17  00 00 00 00 2c f4 7f 17  |.. @........,...|
00000010  20 f4 7f 17 00 f4 7f 17  00 f0 8a 17 00 00 00 00  | ...............|
00000020  00 f0 7f 17 00 20 0b 00  00 00 00 00 d2 02 f8 40  |..... .........@|
00000030  cc 02 f4 04 02 0e 07 98  00 0c 00 00 02 0e 07 58  |...............X|
00000040

header:       40 20 00 d1

entry:         17 80 00 00

reserved1:   00 00 00 00

dcd:            17 7f f4 2c

boot_data:  17 7f f4 20 - start: 177ff000, length: b2000, plugin_flag: 00000000

self:            17 7f f4 00

csf:             17 8a f0 00

size of data to be signed = csf - self = 178af000 - 177ff400 = afc00

u-boot burned to device with seek = 0x400

0xafc00 + 0x400 = 0xB0000

and my signing script:

objcopy -I binary -O binary --pad-to 0xafc00 --gap-fill=0xFF $DIR/u-boot.imx u-boot-pad.imx

./cst -o u-boot-csf.bin -i u-boot.csf

#0xB0000 + 0x2000 = 0xB20000 = boot_data->length.

objcopy -I binary -O binary --pad-to=0x2000 --gap-fill=0x00 u-boot-csf.bin u-boot-csf-pad.bin

cat u-boot-pad.imx u-boot-csf-pad.bin > u-boot-signed.imx

So, what am I doing wrong?

标签 (2)
0 项奖励
回复
2 回复数

1,152 次查看
Yuri
NXP Employee
NXP Employee

Hello,

  You mentioned, that  "trying different boot devices: SD, eMMC and SPI. But sometimes board doesn't boot!!!"

Does it mean that sometimes the board boots correctly ?

Perhaps it makes sense to check memory ?

https://community.nxp.com/docs/DOC-105652 

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

1,152 次查看
evgenymolchanov
Contributor III

Hello,

Yes, board booting correctly sometimes. After fixing command sequence file, board booting every time. Thanks.

0 项奖励
回复