imx93 enable secure boot fail base imx-6.1.55-2.2.0_security-reference-design.xml


557 views
Chihyu_Lin
Contributor III

Hi,

Based on the meta-secure-boot source, I am enabling secure boot and fuse programming on an IMX93 A1 chip, using CST-3.4.0 and following the instructions of imx93SRM, AN12312 and AN13994. Before programming the SRK_TABLE.bin value, I got the following information from the device.

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

After programming the fuse value I got another error. I did not know which part of the signing process failed.

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

2 Replies

538 views
Harvey021
NXP TechSupport

Hi, 

Which type of keys have you used? Check if the information below is helpful.

<10.9.2 Prerequisites for preparing a signed image>

2. Prepare the keys using CST.
By default, the NXP CST Signer Tool uses standard keys of type ECC P256-SHA256 for i.MX 8/8x/8ULP/9 Family and RSA 2048-SHA256 for i.MX 6/7/8M Family, to be available in the download location of CST.
Follow the CST User Guide available in the CST package to generate the keys, certificates, SRK table/fuses and for more information.
Note: (Optional) Create and populate csf_hab4.cfg and/or csf_ahab.cfg with the preferred key type at the CST location to use your preferred PKI tree. The default configuration files are located at the CST Signer work directory in Yocto build.

 

Regards

Harvey

461 views
Chihyu_Lin
Contributor III
Thanks for your help. I wrote the SGK key, but signed the image with SRK, so I got this kind of error.
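Added example, not part of the original thread and not NXP code: a small Python decoder for the ahab_status output shown in the posts above. It splits each 32-bit event word into the IPC/CMD/IND/STA bytes in the order the U-Boot output lists them and collapses repeated events. The name tables hold only the values visible in this thread, and the function names are hypothetical.

```python
import re

# Name tables: only values that appear in the thread's ahab_status output.
IPC = {0x02: "MU APD"}
CMD = {0x87: "ELE_OEM_CNTN_AUTH_REQ"}
IND = {0xFA: "ELE_BAD_KEY_HASH_FAILURE_IND",
       0xF0: "ELE_BAD_SIGNATURE_FAILURE_IND"}
STA = {0xD6: "ELE_SUCCESS_IND"}
TABLES = {"IPC": IPC, "CMD": CMD, "IND": IND, "STA": STA}

EVENT_RE = re.compile(r"^\s*0x([0-9a-fA-F]{8})\s*$")
LIFECYCLE_RE = re.compile(r"Lifecycle:\s*(0x[0-9a-fA-F]+),\s*(.+)")

# Output copied from the second ahab_status capture in the thread.
SAMPLE = """\
u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open

        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287f0d6
"""

def decode_event(word):
    """Split an event word into IPC/CMD/IND/STA bytes, most significant first."""
    raw = {"IPC": word >> 24, "CMD": word >> 16, "IND": word >> 8, "STA": word}
    return {k: (v & 0xFF, TABLES[k].get(v & 0xFF, "unknown"))
            for k, v in raw.items()}

def parse_ahab_status(text):
    """Return (lifecycle, [(word, count, decoded), ...]); duplicates collapsed."""
    lifecycle, counts = None, {}
    for line in text.splitlines():
        m = LIFECYCLE_RE.search(line)
        if m:
            lifecycle = (int(m.group(1), 16), m.group(2).strip())
        elif (m := EVENT_RE.match(line)):
            word = int(m.group(1), 16)
            counts[word] = counts.get(word, 0) + 1
    return lifecycle, [(w, n, decode_event(w)) for w, n in counts.items()]

if __name__ == "__main__":
    lifecycle, events = parse_ahab_status(SAMPLE)
    print("lifecycle:", lifecycle)
    for word, count, fields in events:
        print(f"0x{word:08x} x{count}", fields)
```

Bytes that are not in the tables decode as "unknown" instead of being guessed; extend the tables from the ELE documentation for your part.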