Hi everybody,
I'm developing a custom board based on the iMX6ULL processor. I'm trying to bring in the secure bootloader feature (NXP HABv4).
I followed the guides inside the "habv4" directory inside the uboot folder of Yocto/buildroot:
1) generated PKI tree with all certificates
2) generated the fuse table
3) burned efuses with these values (just the SRK_table, not the closing device ones)
4) built uboot independently (outside of the toolchain), enabling the Support for i.MX HAB in menuconfig (I see HAB Blocks in u-boot-dtb.imx.log)
5) created CSF file and created the u-boot-signed.imx binary and flashed into the boot media (SD card)
Now, in the Uboot menu, when I run the hab_status command,
I can read:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
and nothing else, I don't see the phrase No HAB Events Found!
The strange fact is that if I flash a fake signed image, I can see HAB Events popping out!
Example:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x42 0x33 0x11 0xcf 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CSF (0x11)
CTX = HAB_CTX_CSF (0xCF)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe8
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
But with the correct one I still can't see No HAB Events Found!. Is it okay? Maybe with the newer version of cst this feature changed (I'm using cst-3.3.1)? Or am I missing something?
Thanks a lot!
Simone
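Added example, not part of the original post or of NXP's tooling: a small Python decoder for the event dumps above that reads the 8-byte header (tag, big-endian length, version, STS, RSN, CTX, ENG) and reports which memory region a HAB_INV_ASSERTION event points at. The function names are hypothetical, and reading the 12 data bytes as three big-endian words (type, address, size) is an assumption about the record layout.

```python
import re
import struct

# Code names exactly as hab_status printed them in the post; others stay hex.
STS = {0x33: "HAB_FAILURE"}
RSN = {0x11: "HAB_INV_CSF", 0x0C: "HAB_INV_ASSERTION"}
CTX = {0xCF: "HAB_CTX_CSF", 0xA0: "HAB_CTX_ASSERT"}
ENG = {0x00: "HAB_ENG_ANY"}
EVENT_TAG = 0xDB  # first byte of every event record shown in the post

# Events 1 and 3 from the post, used as sample input.
SAMPLE = """\
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x42 0x33 0x11 0xcf 0x00
STS = HAB_FAILURE (0x33)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe8
"""

def decode_event(raw):
    """Decode one event record: 8-byte header, then optional data."""
    if len(raw) < 8:
        raise ValueError("event shorter than its header")
    tag, length, version, sts, rsn, ctx, eng = struct.unpack(">BHBBBBB", raw[:8])
    if tag != EVENT_TAG or length != len(raw):
        raise ValueError("tag or length field does not match the dump")
    event = {"version": version, "sts": STS.get(sts, hex(sts)),
             "rsn": RSN.get(rsn, hex(rsn)), "ctx": CTX.get(ctx, hex(ctx)),
             "eng": ENG.get(eng, hex(eng)), "region": None}
    if event["rsn"] == "HAB_INV_ASSERTION" and length == 20:
        # Assumption: data = three big-endian words (type, address, size).
        _type, addr, size = struct.unpack(">III", raw[8:20])
        event["region"] = (addr, size)
    return event

def parse_hab_status(text):
    """Return decoded events from pasted hab_status console output."""
    events = []
    for chunk in re.split(r"-+ HAB Event \d+ -+", text)[1:]:
        # Keep only lines made purely of hex bytes; skip "STS = ... (0x33)".
        rows = [l for l in chunk.splitlines()
                if re.fullmatch(r"(0x[0-9a-fA-F]{2}\s*)+", l.strip())]
        raw = bytes(int(b, 16) for b in " ".join(rows).split())
        events.append(decode_event(raw))
    return events
```

Under that assumption, events 2 to 5 in the post decode to regions at 0x877ff400 (0x20 bytes), 0x877ff42c (0x1e8 bytes), 0x877ff420 (1 byte) and 0x87800000 (4 bytes), which can be compared with the blocks listed in the CSF.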
Hi Yuri, thanks for replying to me.
Yes, I'm using NXP U-boot
Thanks for the link, it doesn't seem to be my specific case but I'll try to understand if that's the way to follow.
Best regards,
Simone