iMX6UL - Kernel HAB Authentication status fail

kanimozhi_t
Contributor V

On the i.MX6UL, we are getting a kernel HAB authentication failure.

U-Boot version: imx_v2019.04_4.19.35_1.1.0

Cross compiler: AArch32 target with hard float (arm-linux-gnueabihf); gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf 

Kernel version: Linux 4.19.35_1.1.0

Fuse ‘CLOSED’ state:

The platform reaches the terminal after autoboot, as shown below:

/***************************************************/

NXP i.MX Release Distro 4.19-warrior imx6ul7d ttymxc0 imx6ul7d login:

/***************************************************/

If we stop the autoboot and check the HAB status, we get the error below:

/***************************************************/

=> hab_status

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

No HAB Events Found!

=> load mmc 1 80800000 zImage

7743652 bytes read in 370 ms (20 MiB/s)

=> hab_auth_img 80800000 762000 0

Authenticate image from DDR location 0x80800000...

bad magic magic=0x0 length=0xa000 version=0xe1

bad length magic=0x0 length=0xa000 version=0xe1

bad version magic=0x0 length=0xa000 version=0xe1

Error: Invalid IVT structure

Allowed IVT structure:

IVT HDR = 0x4X2000D1

IVT ENTRY = 0xXXXXXXXX

IVT RSV1 = 0x0 IVT DCD = 0x0

IVT BOOT_DATA = 0xXXXXXXXX

IVT SELF = 0xXXXXXXXX

IVT CSF = 0xXXXXXXXX IVT RSV2 = 0x0

/***************************************************/

Please provide your inputs to resolve the error.

Yuri
NXP Employee

Hello,

 

I've sent you some comments directly.

 

Have a great day,

Yuri.

 

kanimozhi_t
Contributor V

Dear Yuri,

Thanks for your support.

How do we verify the signed kernel in the fuse 'CLOSED' state?

We used the commands below to verify secure boot:

For U-Boot:

=> hab_status

For the kernel:

=> load mmc 1 0x80800000 zImage

=> hab_auth_img 0x80800000 0x762000 0

And what is the expected status for these commands?

Yuri
NXP Employee

Hello,

You may try to define the symbol DEBUG before the include section in the hab.h header file for more details.

#define DEBUG

arch/arm/include/asm/mach-imx/hab.h

Regards,

Yuri.
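
Added example, not part of the original thread and not U-Boot's own code: a host-side check of the 32 bytes at a chosen IVT offset against the "Allowed IVT structure" printed in the log above. The header values in that log (magic=0x0, length=0xa000, version=0xe1) are what the bytes of an ARM NOP (0xe1a00000, the first word of a zImage) decode to when read as an IVT header, so the check is run once at offset 0 and once at the offset where the IVT was appended. The sample image, its 0x1000 IVT offset and the function names are constructed for illustration.

```python
import struct

IVT_SIZE = 0x20                      # eight 32-bit words (HDR length field 0x0020)
ARM_NOP = bytes.fromhex("0000a0e1")  # 0xe1a00000 (mov r0, r0), little-endian


def check_ivt(image: bytes, ivt_offset: int) -> list:
    """Compare the 32 bytes at ivt_offset with the allowed IVT layout.

    Returns a list of problems; an empty list means the layout matches.
    """
    if ivt_offset < 0 or ivt_offset + IVT_SIZE > len(image):
        return ["ivt_offset is outside the loaded image"]
    # Header is tag (1 byte), length (2 bytes, big-endian), version (1 byte).
    magic, length_raw, version = struct.unpack_from("<BHB", image, ivt_offset)
    (length_be,) = struct.unpack_from(">H", image, ivt_offset + 1)
    _entry, rsv1, dcd, _boot, _self, _csf, rsv2 = struct.unpack_from(
        "<7I", image, ivt_offset + 4)
    # Same fields the log prints; length is shown without byte swapping.
    seen = f"magic={magic:#x} length={length_raw:#x} version={version:#x}"
    problems = []
    if magic != 0xD1:
        problems.append("bad magic " + seen)
    if length_be != IVT_SIZE:
        problems.append("bad length " + seen)
    if version >> 4 != 0x4:          # "0x4X" in the allowed HDR value
        problems.append("bad version " + seen)
    for name, value in (("RSV1", rsv1), ("DCD", dcd), ("RSV2", rsv2)):
        if value != 0:
            problems.append(f"IVT {name} = {value:#x}, expected 0x0")
    return problems


def build_sample(ivt_offset: int = 0x1000, load_addr: int = 0x80800000) -> bytes:
    """Constructed stand-in for a signed zImage: NOPs, padding, then an IVT."""
    body = (ARM_NOP * 8).ljust(ivt_offset, b"\x00")
    ivt_addr = load_addr + ivt_offset
    ivt = struct.pack("<BBBB7I", 0xD1, 0x00, 0x20, 0x41,
                      load_addr, 0, 0, 0, ivt_addr, ivt_addr + IVT_SIZE, 0)
    return body + ivt


if __name__ == "__main__":
    img = build_sample()
    print(check_ivt(img, 0))         # header taken from the start of the image
    print(check_ivt(img, 0x1000))    # header taken where the IVT was appended
```

Running the same check on the real signed zImage, with the offset at which the signing step placed the IVT, shows whether the offset passed to `hab_auth_img` points at an IVT at all.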