iMX8QP MEK Boot fails with Read public key error after Secure Storage Enable

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

iMX8QP MEK Boot fails with Read public key error after Secure Storage Enable

ソリューションへジャンプ
2,480件の閲覧回数
nishadkamdar
Contributor III

We have the iMX8QuadXPlus MEK CPU Board.

We followed the below steps to enable Secure Storage TA on this board.

Step 1: Built the Android image for the same using the android_p9.0.0_2.3.4 package.

Step 2: Flashed the trusty image using the following command:

 

./uuu_imx_android_flash.sh -f imx8qxp -a -e -u trusty-c0

 

Step 3: The board boots successfully.

Step 4: Entered the fastboot mode using reboot bootloader command on the target

Step 5: Tried to enable the Secure Storage using the following commands

 

root@XXXX:/android_build/out/target/product/mek_8q# fastboot stage rpmb_key_test.bin
target reported max download size of 419430400 bytes
sending 'rpmb_key_test.bin' (0 KB)...
OKAY [  0.028s]
finished. total time: 0.028s
root@XXXX://android_build/out/target/product/mek_8q# fastboot oem set-rpmb-key
...
OKAY [  0.152s]
finished. total time: 0.152s
root@test-Precision-3630-Tower:/home/nanduser/nishad_2_3_4/android_build/out/target/product/mek_8q#

 

Step 6: Got the following output :

 

Starting download of 36bytes

downloading of 36 bytes finished
RPMB key programmed successfully!
RPMB key blob generated!

 

Step 7: After reboot we see following error:

 

avb: 265: Error: missing public key file [0]
avb.c:108: ERROR avb_do_tipc: AVB service returned error (2)
fsl_validate_vbmeta_public_key_rpmb: Read public key error
avb_slot_verify.c:783: ERROR: vbmeta_a: Public key used to sign data rejected.
resetting ...

 

Step 9: The board then reboots again automatically.

How do I recover from this ?

Thanks you for your time,

Nishad

ラベル(1)
0 件の賞賛
返信
1 解決策
2,469件の閲覧回数
igorpadykov
NXP Employee
NXP Employee

Hi nishadkamdar

 

one can try to set public key as described in sect.3.3.3 Generating AVB key to sign and verify images

i.MX_Android_Security_User_Guide included in P9.0.0_2.3.4  release package.

$ fastboot oem set-public-key

 

Best regards
igor

元の投稿で解決策を見る

3 返答(返信)
2,470件の閲覧回数
igorpadykov
NXP Employee
NXP Employee

Hi nishadkamdar

 

one can try to set public key as described in sect.3.3.3 Generating AVB key to sign and verify images

i.MX_Android_Security_User_Guide included in P9.0.0_2.3.4  release package.

$ fastboot oem set-public-key

 

Best regards
igor

2,448件の閲覧回数
nishadkamdar
Contributor III

Hello Igor,

Thanks for the quick reply.

I tried the following steps and could boot the board:

Step 1: Flash the rpmb key.

Step 2: Reboot the board.

Step 3: Stop in uboot.

Step 4: enter fastboot mode using fastboot 0 command

Step 5: Flash the AVB public key.

Step 6: reboot the board

The boards boots successfully now.

Thanks and regards,

Nishad

 

0 件の賞賛
返信
1,244件の閲覧回数
intelav
Contributor II

How do we stop in uboot mode ? I have this imx8qx EVK kit and looking for better option for uboot command line to experiment. 

0 件の賞賛
返信