iMX8MM secure boot signed kernel but HAB Event present

Ben_Teng · ‎06-13-2023

Hi,

Currently I'm working on secure boot enablement, after I enable secure boot, I got a EVENT shown as below, how can I fix it? Additionally, here's my genIVT.pl & csf_additional_images.txt and Signed/Unsigned Images as attachement.

Authenticate image from DDR location 0x40480000...

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x42 0x70 0x10 0x00
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

secure boot is already enabled:

u-boot=> hab_status

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!

Many Thanks!

Ben

Harvey021 · ‎06-14-2023

Hi @Ben_Teng

It seems your signed data not including (paddings + IVT) in your CSF authenticate data.

Best regards

Harvey

在原帖中查看解决方案

Harvey021 · ‎06-14-2023

Hi @Ben_Teng

It seems your signed data not including (paddings + IVT) in your CSF authenticate data.

Best regards

Harvey

Ben_Teng · ‎06-25-2023

Hi @Harvey021 ,

Thanks for your help.

Right, that is the problem is.

Now I can boot the chip with secure boot.

Big thanks !

Best Regards,

Ben