Hi,
Base on meta-secure-boot source to enable secure boot and fuse prog on IMX93 A1 chip. Using CST-3.4.0 and folloging the instruction of imx93SRM, AN12312 and AN13994. Before program SRK_TABLE.bin value, got the following information from device.
u-boot=> ahab_status Lifecycle: 0x00000008, OEM Open 0x0287fad6 IPC = MU APD (0x2) CMD = ELE_OEM_CNTN_AUTH_REQ (0x87) IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA) STA = ELE_SUCCESS_IND (0xD6) 0x0287fad6 IPC = MU APD (0x2) CMD = ELE_OEM_CNTN_AUTH_REQ (0x87) IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA) STA = ELE_SUCCESS_IND (0xD6)
After program fuse value got another error, I did not know which part of signing process got fail.
u-boot=> ahab_status Lifecycle: 0x00000008, OEM Open 0x0287f0d6 IPC = MU APD (0x2) CMD = ELE_OEM_CNTN_AUTH_REQ (0x87) IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0) STA = ELE_SUCCESS_IND (0xD6) 0x0287f0d6 IPC = MU APD (0x2) CMD = ELE_OEM_CNTN_AUTH_REQ (0x87) IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0) STA = ELE_SUCCESS_IND (0xD6)
Hi,
Which type of keys have you used? check if the below information is helpful.
<10.9.2 Prerequisites for preparing a signed image>
2. Prepare the keys using CST.
By default, the NXP CST Signer Tool uses standard keys of type ECC P256-SHA256 for i.MX 8/8x/8ULP/9
Family and RSA 2048-SHA256 for i.MX 6/7/8M Family, to be available in the download location of CST.
Follow the CST User Guide available in the CST package to generate the keys, certificates, SRK table/
fuses and for more information.
Note: (Optional) Create and populate csf_hab4.cfg and/or csf_ahab.cfg with the preferred key type
at the CST location to use your preferred PKI tree. The default configuration files are located at the CST
Signer work directory in Yocto build.
Regards
Harvey