iMX8MM secure boot signed kernel but HAB Event present

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX8MM secure boot signed kernel but HAB Event present

Jump to solution
744 Views
Ben_Teng
Contributor I

Hi,

Currently I'm working on secure boot enablement, after I enable secure boot, I got a EVENT shown as below, how can I fix it? Additionally, here's my genIVT.pl & csf_additional_images.txt and Signed/Unsigned Images as attachement.

Authenticate image from DDR location 0x40480000...

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x42 0x70 0x10 0x00
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

 

 

secure boot is already enabled:

u-boot=> hab_status

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!

 

Many Thanks!

 

Ben

 

0 Kudos
Reply
1 Solution
718 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @Ben_Teng 

It seems your signed data not including (paddings + IVT) in your CSF authenticate data.

Harvey021_0-1686737740842.png

 

Best regards

Harvey

View solution in original post

0 Kudos
Reply
2 Replies
719 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @Ben_Teng 

It seems your signed data not including (paddings + IVT) in your CSF authenticate data.

Harvey021_0-1686737740842.png

 

Best regards

Harvey

0 Kudos
Reply
667 Views
Ben_Teng
Contributor I

Hi @Harvey021 ,

Thanks for your help.

Right, that is the problem is.

 

Now I can boot the chip with secure boot.

 

Big thanks !

 

Best Regards,

Ben

 

0 Kudos
Reply