Hi NXP community,
I have an iMX8M-Plus processor and want to establish a chain of trust during the boot process with HABv4.
Using the guides in the imx-boot git repo, I've successfully signed the SPL, the FIT image (U-boot + ATF) and the Linux kernel. Now I want to also sign a binary for the co-processor (Cortex-M7). However, I run into some trouble here.
Section 3 of the guide describes how to "authenticate additional boot images". It shows how to sign the kernel, but I assume that the MCU binary can also be signed in this way.
The first step of the guide says to pad the image. It shows that with the "od -x -j 0x10 -N 0x4 --endian=little Image" command, you can get the location to pad the image to. This works for the kernel, but for the MCU binary I get an address that is smaller than the binary is. So, my first question is: how should I pad the MCU binary? To what address do I need to align the image?
My second question is how to enable HAB events for the MCU binary? When launching a binary that does not contain a csf, the binary just runs normally, but there are no HAB events generated. I launch the binaries from the U-boot command line. I have the e-fuses set with the SRK key hash, but the device is not yet closed. I do get HAB Events (or the boot gets stuck) for the other images if they are not signed or signed incorrectly.
I hope I am clear in describing my problems and hope that someone can help me set up HAB signing of MCU binaries.
Kind regards
Hi @Harvey021,
Thank you for the document. Is this document also publicly available online?
The document you sent me is for the iMX7ULP with the M4; do you also have references on the iMX8MP with the M7?
Kind regards
Hi @nt-grt
Sorry, I don't have such a reference for i.MX8MP.
About padding the MCU binary: you might first need to consider using IAR to compile the M-core program, and then see how its linker script is written. Suppose your M-core program runs in DDR; then you need to write down the IVT, load address, entry point, etc., as required in "authenticate additional boot images". Assuming that it is loaded into memory, if the memory of the 8MP board can be used by the M-core program and does not conflict with other programs in memory, it will be fine.
About verifying the MCU binary: similar to verifying the kernel, use the command hab_auth_img.
Best regards
Harvey
Hi @Harvey021,
Thank you for your reply.
I have found the linker script, but its contents don't really make sense to me. It contains some macros/variables, but I don't know where they get defined. Also, I see a __VECTOR_TABLE and assume that this is the IVT, but in a hexdump of the binary I don't see values in the first 20 bytes that could be the IVT, because the values would be too small.
The M7 binaries I use are the freertos variscite examples from this git repo: https://github.com/varigit/freertos-variscite/tree/mcuxpresso_sdk_2.13.x-var01/boards/dart_mx8mp/dem.... The linker script I mentioned is in `armgcc/MIMX8ML8xxxxx_cm7_ddr_ram.ld`. The first 0x440 bytes of the binary are shown below. If I'm wrong and the IVT is in this part please let me know.
0000000 0000 2002 051d 0000 05ad 0000 05b1 0000
0000010 05a9 0000 05a9 0000 05a9 0000 0000 0000
0000020 0000 0000 0000 0000 0000 0000 2161 0000
0000030 05a9 0000 0000 0000 23b1 0000 2419 0000
0000040 05c1 0000 05c5 0000 05c9 0000 05cd 0000
0000050 05d1 0000 05d5 0000 05d9 0000 05dd 0000
0000060 05e1 0000 05e5 0000 05e9 0000 05ed 0000
0000070 05f1 0000 05f5 0000 05f9 0000 05fd 0000
0000080 0601 0000 0605 0000 0609 0000 060d 0000
0000090 0611 0000 0615 0000 0619 0000 061d 0000
00000a0 0621 0000 0625 0000 0629 0000 062d 0000
00000b0 0631 0000 0635 0000 0639 0000 063d 0000
00000c0 0641 0000 0645 0000 0649 0000 064d 0000
00000d0 0651 0000 0655 0000 0659 0000 065d 0000
00000e0 0661 0000 0665 0000 0669 0000 066d 0000
00000f0 0671 0000 0675 0000 0679 0000 067d 0000
0000100 0681 0000 0685 0000 0689 0000 068d 0000
0000110 0691 0000 0695 0000 0699 0000 069d 0000
0000120 06a1 0000 06a5 0000 06a9 0000 06ad 0000
0000130 06b1 0000 06b5 0000 06b9 0000 06bd 0000
0000140 06c1 0000 06c5 0000 06c9 0000 06cd 0000
0000150 06d1 0000 06d5 0000 06d9 0000 06dd 0000
0000160 06e1 0000 06e5 0000 06e9 0000 06ed 0000
0000170 06f1 0000 06f5 0000 06f9 0000 06fd 0000
0000180 0701 0000 0705 0000 0709 0000 070d 0000
0000190 0711 0000 0715 0000 0719 0000 071d 0000
00001a0 0721 0000 0725 0000 0729 0000 072d 0000
00001b0 0731 0000 0735 0000 0739 0000 073d 0000
00001c0 0741 0000 1a1d 0000 0749 0000 074d 0000
00001d0 0751 0000 0755 0000 0759 0000 075d 0000
00001e0 0761 0000 0765 0000 0769 0000 076d 0000
00001f0 0771 0000 0775 0000 0779 0000 077d 0000
0000200 0781 0000 0785 0000 0789 0000 078d 0000
0000210 0791 0000 0795 0000 0799 0000 079d 0000
0000220 07a1 0000 07a5 0000 07a9 0000 07ad 0000
0000230 07b1 0000 07b5 0000 07b9 0000 07bd 0000
0000240 07c1 0000 07c5 0000 07c9 0000 07cd 0000
0000250 07d1 0000 07d5 0000 07d9 0000 07dd 0000
0000260 07e1 0000 07e5 0000 07e9 0000 07ed 0000
0000270 07f1 0000 07f5 0000 07f9 0000 07fd 0000
0000280 0801 0000 0805 0000 0809 0000 080d 0000
0000290 0811 0000 0815 0000 0819 0000 081d 0000
00002a0 0821 0000 0825 0000 0000 0000 0000 0000
00002b0 0000 0000 0000 0000 0000 0000 0000 0000
*
0000400 0001 0000 0001 0000 0000 0000 0000 0000
0000410 0014 0000 0003 0000 0007 0000 0000 0000
0000420 0001 0000 0000 0000 0000 0000 0200 0000
0000430 0000 4000 1000 0000 0100 0000 0000 0000
0000440 0000 0000 8000 4000 1000 0000 0100 0000
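
Added example, not part of the thread or of NXP's guide: a raw Cortex-M image starts with its vector table (initial stack pointer, then reset handler) and carries no size field to read with od, so this code pads by file length and appends a HAB IVT in the layout the guide uses for the kernel. The load address 0x80000000, the 0x1000 alignment, the IVT header word 0x412000D1 and the use of the load address as the IVT entry are assumptions to check against your linker script and the guide; the sample image is constructed and only reuses the first two words of the dump above.

```python
import struct

HAB_IVT_HEADER = 0x412000D1   # assumed: tag 0xD1, length 0x0020, version 0x41
IVT_SIZE = 0x20               # eight 32-bit words
ASSUMED_LOAD_ADDR = 0x80000000  # hypothetical DDR load address, take it from the linker script

# Constructed sample: the first two vector-table words from the dump, then filler.
SAMPLE_IMAGE = struct.pack("<II", 0x20020000, 0x0000051D) + bytes(0x2A28)


def looks_like_hab_ivt(blob: bytes) -> bool:
    """True when blob starts with a HAB IVT header (tag 0xD1, length 0x0020)."""
    return len(blob) >= 4 and blob[0] == 0xD1 and blob[1:3] == b"\x00\x20"


def cortex_m_vectors(blob: bytes):
    """Return (initial_sp, reset_handler) from a Cortex-M vector table."""
    return struct.unpack_from("<II", blob, 0)


def pad_and_append_ivt(image: bytes, load_addr: int, align: int = 0x1000):
    """Zero-pad image to `align`, append an IVT, return (blob, layout)."""
    padded_len = -(-len(image) // align) * align   # round up to alignment
    ivt_addr = load_addr + padded_len              # IVT "self" pointer
    csf_addr = ivt_addr + IVT_SIZE                 # CSF follows the IVT
    # header, entry, reserved, dcd, boot_data, self, csf, reserved
    ivt = struct.pack("<8I", HAB_IVT_HEADER, load_addr, 0, 0, 0,
                      ivt_addr, csf_addr, 0)
    blob = image.ljust(padded_len, b"\x00") + ivt
    layout = {
        "ivt_offset": padded_len,   # third argument to hab_auth_img
        "ivt_addr": ivt_addr,
        "csf_addr": csf_addr,
        # CSF "Blocks" values: memory address, file offset, signed length
        "csf_blocks": f"0x{load_addr:08x} 0x00000000 "
                      f"0x{padded_len + IVT_SIZE:08x}",
    }
    return blob, layout


if __name__ == "__main__":
    sp, reset = cortex_m_vectors(SAMPLE_IMAGE)
    print(f"vector table: SP=0x{sp:08x} reset=0x{reset:08x}, "
          f"HAB IVT at start: {looks_like_hab_ivt(SAMPLE_IMAGE)}")
    blob, layout = pad_and_append_ivt(SAMPLE_IMAGE, ASSUMED_LOAD_ADDR)
    for key, value in layout.items():
        print(key, hex(value) if isinstance(value, int) else value)
```

The CSF binary produced by the signing tool is appended after the IVT, so the file ends up as padded image, IVT, CSF.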