iMX6ULL SECURE BOOTLOADER: No HAB Events Found! doesn't pop out, but seems to work properly!

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX6ULL SECURE BOOTLOADER: No HAB Events Found! doesn't pop out, but seems to work properly!

700 Views
SicScar
Contributor II

Hi everybody, 

I'm developing a custom board, based on iMX6ULL processor. I'm trying to bring in the secure bootlader feature (NXP HABv4). 
I followed the guides inside "habv4" dictory inside uboot folder of Yocto/buildroot:

1) generated PKI tree with all certificates

2) generated the fuse table

3) burned efuses with these values (just the SRK_table, not the closing device ones)

4) built uboot outside indipendently (outside of the toolchain) , enabling the Support for i.MX HAB in menuconfig (i see HAB Blocks in u-boot-dtb.imx.log)

5) created CSF file and created the u-boot-signed.imx binary and flashed into the boot media (SD card)

 

Now, in Uboot menu, when i run hab_status command: 

i can read :

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

 

and nothing else, i don't see the phrase No HAB Events Found!

The strage fact is that if i flash a fake signed image, i can see HAB Events popping out!

example: 

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x42 0x33 0x11 0xcf 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CSF (0x11)
CTX = HAB_CTX_CSF (0xCF)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe8

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

 

But with the correct one still can't see No HAB Events Found!.  Is it okay? maybe with the newer version of cst this feature changed (i'm using cst-3.3.1)? or I'm missing something?

Thanks a lot!

Simone

Labels (3)
0 Kudos
2 Replies

686 Views
Yuri
NXP Employee
NXP Employee
0 Kudos

682 Views
SicScar
Contributor II

Hi Yuri, thanks for replying to me. 

Yes, I'm using NXP U-boot 

Thanks for the link, it doesn't seem to be my specific case but I'll try to understand if that's the way to follow.

 

Best regards, 

Simone