FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

iMX8M Mini Secure-Boot Authenticate Linux FIT image

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX8M Mini Secure-Boot Authenticate Linux FIT image

‎11-04-2020 09:58 AM
1,237 Views
sajjadahmed
Contributor II

Hi all,

I'm done with the bootloader authentication part, HAB shows no event for the bootloader image (SPL + uboot FIT)

 

...
Trying to boot from MMC1
hab fuse not enabled

Authenticate image from DDR location 0x401fcdc0...
...
Hit any key to stop autoboot:  0 
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

 

Contrary to the standard zImage workflow, next I'm using Linux FIT image (kernel, dtb, ramdisk) which I also signed as explained in the HABv4 doc section "Authenticating additional boot images", when I authenticate the Linux FIT image loaded at memory location 0x90000000 Linux FIT image file size 0x0225700, it says everything is fine !! No HAB events

u-boot=> hab_auth_img 0x90000000 0x02257000
hab fuse not enabled
Authenticate image from DDR location 0x90000000...

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

BUT...

When I try to boot this signed Linux FIT image (Kernel + fdt + ramdisk) placed at 0x90000000 using the following command, it returns "Not valid image format for Authentication, Please check"

 

u-boot=> bootm 0x90000000
Not valid image format for Authentication, Please check
u-boot=>

 

Kindly, guide where the issue is?

Labels (1)
0 Kudos
Reply
2 Replies

‎11-20-2020 12:24 AM
1,194 Views
sajjadahmed
Contributor II

Apparently, the AHAB container approach doesn't provide a solution for HABv4. I've implemented Linux fit image authentication in u-boot the same way it is authenticating the zImage and legacy uImage signed kernel binaries.

0 Kudos
Reply

‎11-19-2020 04:18 PM
1,200 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

Since this information is confidential, there is no additional guide other than the document you already referred to for the HAB for this device. But you may find it helpful to refer to the following App note where the secure boot is explained using AHAB for the 8X: https://www.nxp.com/docs/en/application-note/AN12312.pdf

 

Hope it helps!

 

BR,

Ivan.

0 Kudos
Reply