In iMX6UL, we are getting the Kernel hab Authentication failure.
uBoot version: imx_v2019.04_4.19.35_1.1.0
Cross compiler: AArch32 target with hard float (arm-linux-gnueabihf); gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf
Kernel version: Linux 4.19.35_1.1.0
Fuse ‘CLOSED’ state:
The platform reach the terminal after autoboot as mentioned below,
/***************************************************/
NXP i.MX Release Distro 4.19-warrior imx6ul7d ttymxc0 imx6ul7d login:
/***************************************************/
If we stop the autoboot and check the hab status, we get the below error,
/***************************************************/
=> hab_status
Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!
=> load mmc 1 80800000 zImage
7743652 bytes read in 370 ms (20 MiB/s)
=> hab_auth_img 80800000 762000 0
Authenticate image from DDR location 0x80800000...
bad magic magic=0x0 length=0xa000 version=0xe1
bad length magic=0x0 length=0xa000 version=0xe1
bad version magic=0x0 length=0xa000 version=0xe1
Error: Invalid IVT structure
Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0 IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX IVT RSV2 = 0x0
/***************************************************/
Please provide your inputs to resolve the error.
Hello,
I've sent You directly some comments.
Have a great day,
Yuri.
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
------------------------------------------------------------------------------
Dear Yuri,
Thanks for your support.
How to verify the signed kernel in fuse 'CLOSED' state?
We used the below commands to verify the secure boot,
For uboot,
=> hab_status
For Kernel,
=> load mmc 1 0x80800000 zImage
=> hab_auth_img 0x80800000 0x762000 0
And what are the expected status for these commands?
Hello,
You may try to define the symbol DEBUG before the include section in the hab.h header file
for more details.
#define DEBUG
arch/arm/include/asm/mach-imx/hab.h
Regards,
Yuri.