imx93 enable secure boot fail base imx-6.1.55-2.2.0_security-reference-design.xml

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

imx93 enable secure boot fail base imx-6.1.55-2.2.0_security-reference-design.xml

559 次查看
Chihyu_Lin
Contributor III

Hi,

Base on meta-secure-boot source to enable secure boot and fuse prog on IMX93 A1 chip. Using CST-3.4.0 and folloging the instruction of imx93SRM, AN12312 and AN13994. Before program SRK_TABLE.bin value, got the following information from device.

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287fad6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
        STA = ELE_SUCCESS_IND (0xD6)

After program fuse value got another error, I did not know which part of signing process got fail. 

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

        0x0287f0d6
        IPC = MU APD (0x2)
        CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
        IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)
        STA = ELE_SUCCESS_IND (0xD6)

 

标签 (2)
标记 (2)
0 项奖励
回复
2 回复数

540 次查看
Harvey021
NXP TechSupport
NXP TechSupport

Hi, 

Which type of keys have you used? check if the below information is helpful.

<10.9.2 Prerequisites for preparing a signed image>

2. Prepare the keys using CST.
By default, the NXP CST Signer Tool uses standard keys of type
ECC P256-SHA256 for i.MX 8/8x/8ULP/9
Family and
RSA 2048-SHA256 for i.MX 6/7/8M Family, to be available in the download location of CST.
Follow the CST User Guide available in the CST package to generate the keys, certificates, SRK table/
fuses and for more information.
Note: (Optional) Create and populate csf_hab4.cfg and/or csf_ahab.cfg with the preferred key type
at the CST location to use your preferred PKI tree. The default configuration files are located at the CST
Signer work directory in Yocto build.

 

Regards

Harvey

463 次查看
Chihyu_Lin
Contributor III
Thanks for your help, I write SGK key, but sign image with SRK. So got this kind of error.
0 项奖励
回复