RT1050 - why am I getting HAB_WARNING: HAB_UNS_ENGINE/HAB_CTX_COMMAND ?

rshipman · ‎01-22-2020

I am getting HAB warnings on a signed XIP image on a RT1050-EVKB eval board.

I used MCUXpresso to create an iled_blinky demo for the RT1050-EVKB.
I set XIP_BOOT_HEADER_ENABLE=0
The rest of the properties/settings are the default.

I then used elftosb/sdphost/blhost to create and load the bootable image into flash on the RT1050-EVKB.
This board has the SRK fuses burnt.

The demo runs, but I get this HAB warning:

------------+----+------+----+-------------------------------------------------
Persistent | T | L | P | Contents
Memory | a | e | a |
Record | g | n | r |
Type | | g | |
| | t | |
| | h | |
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x002c|0x43| SRCE Field: 69 0a c0 00
| | | | STS = HAB_WARNING (0x69)
| | | | RSN = HAB_UNS_ENGINE (0x0A)
| | | | CTX = HAB_CTX_COMMAND (0xC0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Cmd Field: 0xca002400
| | | | CMD: HAB_CMD_AUT_DAT (0xca)
| | | | LEN: 0x0024
| | | | FLG: 0x00
| | | | FLAGS: AUT_DAT_CLR (0x00)
| | | | KPEC Field: 0x02c51b00
| | | | KEY: 0x02
| | | | PCL: HAB_PCL_CMS (0xC5)
| | | | Sig. Start: 0x00000d54
| | | | Blk start/bytes:
| | | | 60 00 10 00 00 00 00 20 60 00 10 20 00 00 00 20
| | | | 60 00 20 00 00 00 32 10
------------+----+------+----+-------------------------------------------------

Here is the bd file I used to create the bootable image (which is basically the example from the Flashloader_i.MXRT1050_GA package):

options {
flags = 0x08;
startAddress = 0x60000000;
ivtOffset = 0x1000;
initialLoadSize = 0x2000;
//DCDFilePath = "dcd.bin";
# Note: This is required if the cst and elftsb are not in the same folder
// cstFolderPath = "/Users/nxf38031/Desktop/CSTFolder";
# Note: This is required if the default entrypoint is not the Reset_Handler
# Please set the entryPointAddress to Reset_Handler address
// entryPointAddress = 0x60002411;
}

sources {
elfFile = extern(0);
}

constants {
SEC_CSF_HEADER = 20;
SEC_CSF_INSTALL_SRK = 21;
SEC_CSF_INSTALL_CSFK = 22;
SEC_CSF_INSTALL_NOCAK = 23;
SEC_CSF_AUTHENTICATE_CSF = 24;
SEC_CSF_INSTALL_KEY = 25;
SEC_CSF_AUTHENTICATE_DATA = 26;
SEC_CSF_INSTALL_SECRET_KEY = 27;
SEC_CSF_DECRYPT_DATA = 28;
SEC_NOP = 29;
SEC_SET_MID = 30;
SEC_SET_ENGINE = 31;
SEC_INIT = 32;
SEC_UNLOCK = 33;
}

section (SEC_CSF_HEADER;
Header_Version="4.2",
Header_HashAlgorithm="sha256",
Header_Engine="DCP",
Header_EngineConfiguration=0,
Header_CertificateFormat="x509",
Header_SignatureFormat="CMS"
)
{
}

section (SEC_CSF_INSTALL_SRK;
InstallSRK_Table="crts/SRK_1_2_3_4_table.bin", // "valid file path"
InstallSRK_SourceIndex=0
)
{
}

section (SEC_CSF_INSTALL_CSFK;
InstallCSFK_File="crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem", // "valid file path"
InstallCSFK_CertificateFormat="x509" // "x509"
)
{
}

section (SEC_CSF_AUTHENTICATE_CSF)
{
}

section (SEC_CSF_INSTALL_KEY;
InstallKey_File="crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem",
InstallKey_VerificationIndex=0, // Accepts integer or string
InstallKey_TargetIndex=2) // Accepts integer or string
{
}

section (SEC_CSF_AUTHENTICATE_DATA;
AuthenticateData_VerificationIndex=2,
AuthenticateData_Engine="DCP",
AuthenticateData_EngineConfiguration=0)
{
}

Why am I getting this HAB warning please?

For the equivalent demo (signed xip) running on the RT1020-EVK (with the SRK fuses burnt to the same values), I get no HAB errors or warnings.
Both the RT1050 and RT1020 use an identical .bd file.

What is going on please?

Please find attached the iled_blinky demos and working directory.

victorjimenez · ‎01-30-2020

Hello,

Where are you seeing these warnings?
Could you please use the bd files that are provided within the SDK for the RT1050-EVKB, you will find these files on the following path: SDK_2.6.1_EVKB-IMXRT1050\middleware\mcu-boot\bin\Tools\bd_file\imxrt105x. If you use these files, do you still see the warnings?

Regards,

Victor

rshipman · ‎02-05-2020

Hi Victor,

Thanks for looking at this.

The warnings are in the HAB error log which I extract using gdb. See my posting: https://community.nxp.com/thread/521756

I have attached a new file: iled_blinky_signed_at_0x60000000__nxp.zip

This contains the results of using the .bd files in the SDK – with no edits.

The results are exactly the same as before, i.e. that same HAB_UNS_ENGINE/HAB_CTX_COMMAND warning.

Note that I did a windiff on the .bd file directories in the release package and the SDK.

I.e.:

SDK_2.6.1_EVKB-IMXRT1050\middleware\mcu-boot\bin\Tools\bd_file\imxrt105x\

Flashloader_i.MXRT1050_GA\Flashloader_RT1050_1.1\Tools\bd_file\imx10xx\

All the files are the same apart from this one: program_semcnand_image.bd

(I don’t use this file, and the difference between them is simply one missing character - which is a typo in the release package version. Might want to forward that to your release package team.)

victorjimenez · ‎02-17-2020

Hello,

Sorry for the late response, I'm currently checking with the applications team what might be the cause of these warnings. I will give you an update as soon as possible.

Regards,

Victor

victorjimenez · ‎03-02-2020

Hello,

Sorry for the late response. The warning comes from an incorrect version of elftosb.exe, the early elftosb.exe is incorrect. To generate input.csf, the version of RT1050 FLASHLOADER release package is older. Customer could fix it by the below methods:

1. Try to use elftosb.exe in RT1020 FLASHLOADER release package when the customer is making a secure boot with the RT1050-EVKB.

2. Remove SEC_SET_ENGINE section from imx-flexspinor-normal-signed.bd

Regards,

Victor

RT1050 - why am I getting HAB_WARNING: HAB_UNS_ENGINE/HAB_CTX_COMMAND ?

RT1050 - why am I getting HAB_WARNING: HAB_UNS_ENGINE/HAB_CTX_COMMAND ?

i.MXRT 105x