Using mainline u-boot v2021.10 and imx-mkimage lf-5.10.72_2.2.0 on a imx8mm with the closed fuse bit set, I am able to get the SPL to run / authenticate. Unfortunately when the SPL tries to extend the root of trust to u-boot, it goes into re-boot loop with...
Authenticate image from DDR location 0x42202b90...
Error: Invalid IVT structure
spl: ERROR: image authentication unsuccessful
Prior to closing, I ran the hab_status command and got no hab events. I triple checked, then I closed the imx8mm.
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x35a00
spl hab block: 0x7e0fc0 0x0 0x35a00
Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020
output of print_fit_hab.sh
ATF_LOAD_ADDR=0x00920000 VERSION="v1" ./print_fit_hab.sh 0x60000 nad-19som.dtb
0x40200000 0x5AC00 0xA3018
0x402A3018 0xFDC18 0x6BD0
0x920000 0x1047E8 0x9160
my cst_fit.txt
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "/home/drwho/work/sovi/cst-3.3.1/crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "/home/drwho/work/sovi/cst-3.3.1/crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "/home/drwho/work/sovi/cst-3.3.1/crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = \
0x401fcdc0 0x00057c00 0x00001020 "flash.bin", \
0x40200000 0x0005AC00 0x000A3018 "flash.bin", \
0x402A3018 0x000FDC18 0x00006BD0 "flash.bin", \
0x00920000 0x001047e8 0x00009160 "flash.bin"
