Using mainline u-boot v2021.10 and imx-mkimage lf-5.10.72_2.2.0 on an imx8mm with the closed fuse bit set, I am able to get the SPL to run / authenticate. Unfortunately, when the SPL tries to extend the root of trust to u-boot, it goes into a re-boot loop with...
Authenticate image from DDR location 0x42202b90...
Error: Invalid IVT structure
spl: ERROR: image authentication unsuccessful
Prior to closing, I ran the hab_status command and got no hab events. I triple checked, then I closed the imx8mm.
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x35a00
spl hab block: 0x7e0fc0 0x0 0x35a00
Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020
output of print_fit_hab.sh
ATF_LOAD_ADDR=0x00920000 VERSION="v1" ./print_fit_hab.sh 0x60000 nad-19som.dtb
0x40200000 0x5AC00 0xA3018
0x402A3018 0xFDC18 0x6BD0
0x920000 0x1047E8 0x9160
my cst_fit.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "/home/drwho/work/sovi/cst-3.3.1/crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "/home/drwho/work/sovi/cst-3.3.1/crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "/home/drwho/work/sovi/cst-3.3.1/crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = \
0x401fcdc0 0x00057c00 0x00001020 "flash.bin", \
0x40200000 0x0005AC00 0x000A3018 "flash.bin", \
0x402A3018 0x000FDC18 0x00006BD0 "flash.bin", \
0x00920000 0x001047e8 0x00009160 "flash.bin"
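An added example, not part of the original post and not code from u-boot or imx-mkimage: a host-side check of the 32-byte HABv4 IVT that the "sld hab block" line above points at, so the header and pointers inside flash.bin can be compared with the addresses used in cst_fit.txt before the image goes on a closed part. The function names are hypothetical, the sample image is constructed, and the CSF is assumed to sit directly after the signed header block, as the offset dump suggests (0x58c20 - 0x57c00 = 0x1020).

```python
import struct

IVT_TAG, IVT_LEN, HAB_MAJOR = 0xD1, 0x20, 0x40  # HABv4 IVT header constants

def check_ivt(image, file_off, load_addr, blk_len):
    """Return a list of problems found in the HABv4 IVT at file_off (empty = consistent)."""
    raw = image[file_off:file_off + IVT_LEN]
    if len(raw) < IVT_LEN:
        return ["no complete IVT at file offset 0x%x" % file_off]
    # Header word: tag (u8), length (big-endian u16), version (u8)
    tag, length, version = struct.unpack(">BHB", raw[:4])
    # Body: entry, reserved, dcd, boot_data, self, csf, reserved (little-endian u32)
    entry, _r1, dcd, boot_data, self_ptr, csf, _r2 = struct.unpack("<7I", raw[4:])
    problems = []
    if tag != IVT_TAG:
        problems.append("tag 0x%02x, expected 0x%02x" % (tag, IVT_TAG))
    if length != IVT_LEN:
        problems.append("length 0x%x, expected 0x%x" % (length, IVT_LEN))
    if (version & 0xF0) != HAB_MAJOR:
        problems.append("version 0x%02x is not HAB major version 4" % version)
    if self_ptr != load_addr:
        problems.append("self 0x%08x != load address 0x%08x" % (self_ptr, load_addr))
    # Assumption: the CSF starts where the signed header block ends
    if csf != load_addr + blk_len:
        problems.append("csf 0x%08x != end of signed block 0x%08x"
                        % (csf, load_addr + blk_len))
    return problems

def make_image(file_off, self_ptr, csf, tag=IVT_TAG):
    """Constructed sample: zero padding followed by a single IVT at file_off."""
    ivt = struct.pack(">BHB", tag, IVT_LEN, 0x41)  # version byte is a constructed value
    ivt += struct.pack("<7I", 0x40200000, 0, 0, 0, self_ptr, csf, 0)
    return bytes(file_off) + ivt

# Load address, file offset and length from the "sld hab block" line above
SLD_ADDR, SLD_OFF, SLD_LEN = 0x401FCDC0, 0x57C00, 0x1020

if __name__ == "__main__":
    good = make_image(SLD_OFF, SLD_ADDR, SLD_ADDR + SLD_LEN)
    print(check_ivt(good, SLD_OFF, SLD_ADDR, SLD_LEN))
    # Same IVT, but built for a different load address than the CSF block claims
    moved = make_image(SLD_OFF, SLD_ADDR + 0x1000, SLD_ADDR + SLD_LEN)
    print(check_ivt(moved, SLD_OFF, SLD_ADDR, SLD_LEN))
```

To run it against a real build, pass `open("flash.bin", "rb").read()` as `image` with the three values from the offset dump.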
Hi @Jon_Bagg
I encountered the same issue as you (enabled secure boot with no hab events, but cannot flash eMMC anymore).
Did you manage to solve the problem?
Best regards,
Julie