Hello,
I'm trying to get secure boot working on an imx8m board but the HAB reports a warning event. I'm _not_ using the multi stage configuration with uboot spl + uboot but only loading a first stage loader into the TCM ram.
SoC: IMX8M quad-lite, 1.0
CST: 3.3.0
imx-mkimage: rel_imx_4.14.98_2.3.0
CSF file:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS[Install SRK]
# This selects which key is used for signing: index = IMG(n-1)
File = ""pki/imx6ul_hab_testkeys/SRK_1_2_3_4_table.bin""
Source index = 0[Install CSFK]
# Key used to authenticate the CSF data
File = ""pki/imx6ul_hab_testkeys/CSF1_1_sha256_4096_65537_v3_usr_crt.pem""[Authenticate CSF]
# Whole line comment[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Key to install
Target index = 2
# Key to install
File = ""pki/imx6ul_hab_testkeys/IMG1_1_sha256_4096_65537_v3_usr_crt.pem""
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x7E0FC0 0x1a000 0x22000 "build-pico8ml/pb_pad.imx"
HAB event:
I hab_has_no_errors: configuration: 0xf0, state: 0x66
I hab_has_no_errors: result = 105
W hab_has_no_errors: 1, event data:
0xdb 0x0 0x24 0x43 0x69 0x30 0xe1 0x1d 0x0 0x8 0x0 0x2 0x40 0x0 0x4 0xcc 0x55 0x55 0x0 0x3f 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x5
From what I understand this decodes to:
Header:
0xdb 0x0 0x24 0x43
-Size---
Event HAB Version: 4.3
SRCE:
0x69 0x30 0xe1 0x1d
STS RSN CTX ENG
Warning
HAB_ENG_FAIL
HAB_CTX_ENTRY
HAB_ENG_CAAM0x00 0x08 0x00 0x02
0x40 0x00 0x04 0xcc
0x55 0x55 0x00 0x3f
0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x05
Yes, you can refer to this mx8m_mx8mm_secure_boot.txt\guides\habv4\imx\doc - uboot-imx - i.MX U-Boot
Did you even read the post/question?
You're linking to a document thats in the original post, how is that supposed to be helpful?
Jonas
Hi Jonas,
Sorry about the last reply. For i.MX8M secure boot materials are not public, so we can not share you more. If you need you have to sign the NDA with NXP firstly.
Have a nice day
Best Regards
Rita