ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

imx93 enable secure boot fail base imx-6.1.55-2.2.0_security-reference-design.xml

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

imx93 enable secure boot fail base imx-6.1.55-2.2.0_security-reference-design.xml

‎04-26-2024 02:39 AM
2,131件の閲覧回数
Chihyu_Lin
Contributor III

Hi,

Base on meta-secure-boot source to enable secure boot and fuse prog on IMX93 A1 chip. Using CST-3.4.0 and folloging the instruction of imx93SRM, AN12312 and AN13994. Before program SRK_TABLE.bin value, got the following information from device.

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

After program fuse value got another error, I did not know which part of signing process got fail. 

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

 

ラベル(2)
ラベル
タグ(2)
0 件の賞賛
返信
5 返答(返信)

‎11-28-2024 02:44 AM
1,488件の閲覧回数
brati_7
Contributor I

Hi @Chihyu_Lin actually i am also using imx93 with yocto and i want secure boot i.MX 93 signed and encrypted AHAB image but as i am totally new to this i was unable to do after many attempts. What i did was added the layer to my source and then i am confused like how the generated how the keys generated what conf i need to add in local.conf and all can you please help me with this to provide steps!


Thanks & regards 
Brati

0 件の賞賛
返信

‎04-28-2024 12:17 AM
2,112件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Hi, 

Which type of keys have you used? check if the below information is helpful.

<10.9.2 Prerequisites for preparing a signed image>

2. Prepare the keys using CST.
By default, the NXP CST Signer Tool uses standard keys of type ECC P256-SHA256 for i.MX 8/8x/8ULP/9
Family and RSA 2048-SHA256 for i.MX 6/7/8M Family, to be available in the download location of CST.
Follow the CST User Guide available in the CST package to generate the keys, certificates, SRK table/
fuses and for more information.
Note: (Optional) Create and populate csf_hab4.cfg and/or csf_ahab.cfg with the preferred key type
at the CST location to use your preferred PKI tree. The default configuration files are located at the CST
Signer work directory in Yocto build.

 

Regards

Harvey

返信

‎05-09-2024 08:15 PM
2,035件の閲覧回数
Chihyu_Lin
Contributor III
Thanks for your help, I write SGK key, but sign image with SRK. So got this kind of error.
0 件の賞賛
返信

‎12-17-2024 05:52 AM
1,332件の閲覧回数
michael_glembot
Contributor IV

@Chihyu_Lin @Harvey021 Are SGK's supported by the imx93? There is no reference in the imx93 reference or secure reference manual. Did you manage to run the SOC with the SGK's fuse.bin?

タグ(1)
0 件の賞賛
返信

‎12-17-2024 05:23 PM
1,321件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

@michael_glembot SGK not supported for i.MX93.

 

Regards

Harvey

0 件の賞賛
返信