Hello,
we would like to use u-boot binary built for imx8m mini with CONFIG_SECURE_BOOT=y for both loading unsigned images ( on devices with secure boot disabled ) and for signed images ( on devices with secure boot enabled ).
If we boot an unsigned ( kernel ) image on a device that has secure boot disabled we can see these messages from u-boot:
hab fuse not enabled
Authenticate image from DDR location 0x40xxxxx...
bad magic magic=0xed length=0x41 version=0x0
bad length magic=0xed length=0x41 version=0x0
bad version magic=0xed length=0x41 version=0x0
Error: Invalid IVT structure
Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
In order to avoid these message we thought to add an IVT table, that worked and now the only message shown is :
hab fuse not enabled
Authenticate image from DDR location 0x40480000...
Error: CSF header command not found
## Flattened Device Tree blob at xxxaddressxx
Booting using the fdt blob at xxxaddressxxx
Loading Device Tree to xxx, end xxxx ... OK
this CSF header command not found message is also shown when HAB loads the bootloaders ( that are unsigned as well).
what is the best way to avoid showing this error CSF header command not found ?
I tried adding a n empty CSF file but apart from the version in the header, it requires the SRK table file :
"Missing mandatory argument File in command InstallSRK"
we wouldn't like to add any reference to keys or certificates on these unsigned images.
In general, what do you suggest to do to boot unsigned images to avoid showing errors related to IVT or CSF not found ?
thank you
