Calling HAB API to authenticate signature on RT1052

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Calling HAB API to authenticate signature on RT1052

2,807 Views
ffloree
Contributor III

Hi,

Being trapped in some troubles about HAB API, I wanted to call HAB API in our bootloader to verify the bootloader its own signature, even though ROM code has done that, but I just want to verify the process of calling HAB API does work, but the code got stuck once calling hab_rvt.entry() function, let alone hab_rvt.authenticate_image(). I have read AN12263, AN4581, AN12079, HAB4_API.pdf from cst-3.1.0 and so on, but no clues I could find. See the test code below, and a block of OCRAM has been reserved.

By checking the RVT table, each member's address should be right according to AN12263. For example function entry(), the variable is located at 0x00200304 and its function located at 0x00201A81(not alignment?). See code above, why does it get stuck while entering function hab_rvt->entry()? Any else I missed?

Question 2, for function authenticate_image(), the paramter "bytes", what does it include? HABr_API.pdf said it's "Initial (possibly partial) image size on entry. Final image size on exit", is it [IVT+BootData+DCD+signed_image]? Do you have any sample of the use of HAB API?

0 Kudos
11 Replies

2,624 Views
HeMyFAE
NXP Employee
NXP Employee

Hi Tom,

Would you be able to share your HAB API code?

Regards,

hy

0 Kudos

2,624 Views
ffloree
Contributor III

I think this issue has been fixed, it was caused by some clock gates.

0 Kudos

2,624 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi tom fang

  Thanks for your updated information.

   Which detail clock gates you modified to fix the issues?

Best Regards,

Kerry

0 Kudos

2,625 Views
ffloree
Contributor III

Hi @Kerryzhou

It's "dcp_clk" on register CCM_CCGR0, this clock was off.

0 Kudos

2,625 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi tom fang

   Thanks so much for your sharing!

Best Regards,

Kerry

0 Kudos

2,625 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi tom fang ,

  Do you tried the flashloader to download the HAB signed app code directly, whether that works or not?

  Do you burn the fuse to close the HAB and the SRK?

  You want to do the HAB signed operation, not the HAB encrypted operation?

   BTW, please also share your source code, I will help you to check it.

Kerry

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

2,625 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi tom fang

  Please give me more time to analysis it , any updated information, will let you know.

  Thanks a lot for your understanding.

Best Regards,

Kerry

0 Kudos

2,625 Views
ffloree
Contributor III

Thanks Kerry! With your help, I think we would fix it soon. :smileyhappy:

0 Kudos

2,625 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi tom fang ,

  Please also attach the code piece, instead of just the pictures, otherwise, I need to type the code, not copy your code.

  BTW, I have an MIMXRT105-EVKB board which already do the HAB encrypted, fuse burned with SRK, HAB closed.

  When you close the HAB, you still can debug the code on your side with the debugger?

  Please also tell me which IDE and the debugger you are using now? MCUXPresso IDE?

Best Regards,

Kerry

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

2,625 Views
ffloree
Contributor III

  When you close the HAB, you still can debug the code on your side with the debugger?

- I can't debug the original code with signature, because the code run in flash, once JTAG downloads a new code into flash, the signature verification will be failed and the board couldn't bootup after power cycle.

  Please also tell me which IDE and the debugger you are using now? MCUXPresso IDE?

- I am using IAR with debugger Jlink.

0 Kudos

2,625 Views
ffloree
Contributor III

Thanks kerryzhou‌,

Could you review the code attached to the first content of this ticket? I want to explain my use case again, hope it helps for identifying the issues.

1. The attached code run in my bootloader, but the bootloader is also being signed and ROM code will authenticate it. This authenticate is correct, we have use it for a long time.

2. The attached code calls HAB API to verify my application which has a signature as well, but this signature is the same as my bootloader's, both use the same imx-flexspinor-normal-signed.bd except for different "startAddress" and "ivtOffset" (boot: startAddress = 0x60000000, ivtOffset = 0x1000; APP: startAddress = 0x60100000, ivtOffset = 0x0000;)

3. After power cycle, we can see the log below:

Printing HAB events from boot application...
HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------

event data:
<<omitted content>>


Calling HAB entry... <<being stuck here>>

So, it means my bootloader signature verification is passed, but while calling HAB API hab_rvt_entry(), MCU gets stuck. I don't think the verification process in the code is to be a problem, but some IC modules forgotten to be enabled, here is only OCOTP clock enabled, any clock else need to be enabled as well?

0 Kudos