Being trapped in some troubles about HAB API, I wanted to call HAB API in our bootloader to verify the bootloader its own signature, even though ROM code has done that, but I just want to verify the process of calling HAB API does work, but the code got stuck once calling hab_rvt.entry() function, let alone hab_rvt.authenticate_image(). I have read AN12263, AN4581, AN12079, HAB4_API.pdf from cst-3.1.0 and so on, but no clues I could find. See the test code below, and a block of OCRAM has been reserved.
By checking the RVT table, each member's address should be right according to AN12263. For example function entry(), the variable is located at 0x00200304 and its function located at 0x00201A81(not alignment?). See code above, why does it get stuck while entering function hab_rvt->entry()? Any else I missed?
Question 2, for function authenticate_image(), the paramter "bytes", what does it include? HABr_API.pdf said it's "Initial (possibly partial) image size on entry. Final image size on exit", is it [IVT+BootData+DCD+signed_image]? Do you have any sample of the use of HAB API?
Hi tom fang ，
Do you tried the flashloader to download the HAB signed app code directly, whether that works or not?
Do you burn the fuse to close the HAB and the SRK?
You want to do the HAB signed operation, not the HAB encrypted operation?
BTW, please also share your source code, I will help you to check it.
Hi tom fang ,
Please also attach the code piece, instead of just the pictures, otherwise, I need to type the code, not copy your code.
BTW, I have an MIMXRT105-EVKB board which already do the HAB encrypted, fuse burned with SRK, HAB closed.
When you close the HAB, you still can debug the code on your side with the debugger?
Please also tell me which IDE and the debugger you are using now? MCUXPresso IDE?
Could you review the code attached to the first content of this ticket? I want to explain my use case again, hope it helps for identifying the issues.
1. The attached code run in my bootloader, but the bootloader is also being signed and ROM code will authenticate it. This authenticate is correct, we have use it for a long time.
2. The attached code calls HAB API to verify my application which has a signature as well, but this signature is the same as my bootloader's, both use the same imx-flexspinor-normal-signed.bd except for different "startAddress" and "ivtOffset" (boot: startAddress = 0x60000000, ivtOffset = 0x1000; APP: startAddress = 0x60100000, ivtOffset = 0x0000;)
3. After power cycle, we can see the log below:
Printing HAB events from boot application...
HAB Configuration: 0xcc, HAB State: 0x99
--------- HAB Event 1 -----------------
Calling HAB entry... <<being stuck here>>
So, it means my bootloader signature verification is passed, but while calling HAB API hab_rvt_entry(), MCU gets stuck. I don't think the verification process in the code is to be a problem, but some IC modules forgotten to be enabled, here is only OCOTP clock enabled, any clock else need to be enabled as well?