Hi all,
I'm done with the bootloader authentication part, HAB shows no event for the bootloader image (SPL + uboot FIT)
...
Trying to boot from MMC1
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
...
Hit any key to stop autoboot: 0
u-boot=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Contrary to the standard zImage workflow, next I'm using Linux FIT image (kernel, dtb, ramdisk) which I also signed as explained in the HABv4 doc section "Authenticating additional boot images", when I authenticate the Linux FIT image loaded at memory location 0x90000000 Linux FIT image file size 0x0225700, it says everything is fine !! No HAB events
u-boot=> hab_auth_img 0x90000000 0x02257000 hab fuse not enabled Authenticate image from DDR location 0x90000000... Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 No HAB Events Found!
BUT...
When I try to boot this signed Linux FIT image (Kernel + fdt + ramdisk) placed at 0x90000000 using the following command, it returns "Not valid image format for Authentication, Please check"
u-boot=> bootm 0x90000000
Not valid image format for Authentication, Please check
u-boot=>
Kindly, guide where the issue is?
Apparently, the AHAB container approach doesn't provide a solution for HABv4. I've implemented Linux fit image authentication in u-boot the same way it is authenticating the zImage and legacy uImage signed kernel binaries.
Hello,
Since this information is confidential, there is no additional guide other than the document you already referred to for the HAB for this device. But you may find it helpful to refer to the following App note where the secure boot is explained using AHAB for the 8X: https://www.nxp.com/docs/en/application-note/AN12312.pdf
Hope it helps!
BR,
Ivan.