Description Patch Recovery image download steps Output log Finale Remarks Description The secure boot process in an i.MX8M device requires the initial boot image (SPL) to be signed which authenticates a signed FIT image by calling HAB API. For more details on i.MX8M secure boot, please refer AN4581 app note and u-boot docs. When the FIT image authentication fails in a closed device, the SPL hangs forever in an infinite loop which requires a system reset. Instead, the chip can be made to enter the serial download mode (SDP) so that a correctly signed FIT image can be downloaded again to continue the boot process. The chip can be entered into SDP mode from SPL using this in-built feature. Patch This patch adds the capability to move the chip into Serial Download Mode so that a new FIT image can be downloaded. diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 2320ac9..ecfed9e 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -298,11 +298,15 @@ ulong board_spl_fit_size_align(ulong size)
void board_spl_fit_post_load(ulong load_addr, size_t length)
{
uint32_t offset = length - CONFIG_CSF_SIZE;
if (imx_hab_authenticate_image(load_addr,
offset + IVT_SIZE + CSF_PAD_SIZE,
offset)) {
puts("spl: ERROR: image authentication unsuccessful\n");
- hang();
+ g_dnl_unregister();
+ //goto SDP mode from SPL
+ spl_sdp_load_image(NULL, NULL);
}
}
diff --git a/common/spl/spl_sdp.c b/common/spl/spl_sdp.c
index d59ddc8..b1cdad0 100644
--- a/common/spl/spl_sdp.c
+++ b/common/spl/spl_sdp.c
@@ -18,7 +18,7 @@ void board_sdp_cleanup(void)
board_usb_cleanup(CONFIG_SPL_SDP_USB_DEV, USB_INIT_DEVICE);
}
-static int spl_sdp_load_image(struct spl_image_info *spl_image,
+int spl_sdp_load_image(struct spl_image_info *spl_image,
struct spl_boot_device *bootdev)
{
int ret;
diff --git a/include/spl.h b/include/spl.h
index efb5833..f07e1b5 100644
--- a/include/spl.h
+++ b/include/spl.h
@@ -314,4 +314,8 @@ void spl_invoke_atf(struct spl_image_info *spl_image);
* can implement 'board_return_to_bootrom'.
*/
void board_return_to_bootrom(void);
+
+int spl_sdp_load_image(struct spl_image_info *spl_image,
+ struct spl_boot_device *bootdev);
#endif Recovery image download steps Once the patch is implemented into SPL, the chip would directly go into SDP mode once the FIT image authentication fails. Following are the steps to download a new FIT image using UUU. UUU command to download new signed FIT: uuu SDPV: write -f flash.bin -skipspl UUU command to jump to new FIT: uuu SDPV: jump Once done, the new FIT image will be downloaded and the authentication process will continue to authenticate the FIT image and continue the boot process. Output log U-Boot SPL 2018.03-01236-g73af2fc-dirty (Nov 19 2019 - 14:01:) power_bd71837_init DDRINFO: start DRAM init DRAM PHY training for 3000MTS check ddr_pmu_train_imem code check ddr_pmu_train_imem code pass check ddr_pmu_train_dmem code check ddr_pmu_train_dmem code pass Training PASS DRAM PHY training for 400MTS check ddr_pmu_train_imem code check ddr_pmu_train_imem code pass check ddr_pmu_train_dmem code check ddr_pmu_train_dmem code pass Training PASS DRAM PHY training for 100MTS check ddr_pmu_train_imem code check ddr_pmu_train_imem code pass check ddr_pmu_train_dmem code check ddr_pmu_train_dmem code pass Training PASS DRAM PHY training for 3000MTS check ddr_pmu_train_imem code check ddr_pmu_train_imem code pass check ddr_pmu_train_dmem code check ddr_pmu_train_dmem code pass Training PASS DDRINFO:ddrphy calibration done DDRINFO: ddrmix config done Normal Boot Trying to boot from MMC1 Authenticate image from DDR location 0x401fcdc0... Error: CSF header command not found spl: ERROR: image authentication unsuccessful <---------- FIT authentication fails SDP: initialize... <---------- SPL pushes chip in SDP mode SDP: handle requests... Downloading file of size 912688 to 0x40400000... done <---------- UUU command to download new signed FIT: “./uuu SDPV: write -f flash.bin -skipspl” Jumping to header at 0x40400000 <---------- UUU command to jump to new FIT: “./uuu SDPV: jump” Header Tag is not an IMX image Found header at 0x4042a200 Authenticate image from DDR location 0x401fcdc0... U-Boot 2018.03-01236-g73af2fc-dirty (Nov 19 2019 - 14:01:23 -) CPU: Freescale i.MX8MMQL rev1.0 1800 MHz (running at 1200 M) CPU: Commercial temperature grade (0C to 95C) at 44C Reset cause: POR Model: FSL i.MX8MM EVK board DRAM: 2 GiB TCPC: Vendor ID [0x1fc9], Product ID [0x5110], Addr [I2C1 0x] Power supply on USB2 TCPC: Vendor ID [0x1fc9], Product ID [0x5110], Addr [I2C1 0x] MMC: FSL_SDHC: 0, FSL_SDHC: 1 Loading Environment from MMC... *** Warning - bad CRC, using t Failed (-5) No panel detected: default to MIPI2HDMI adv7535_init: Can't find device id=0x3d, on bus 1 Display: MIPI2HDMI (1920x1080) Video: 1920x1080x24 In: serial Out: serial Err: serial BuildInfo: - ATF 1355c5d - U-Boot 2018.03-01236-g73af2fc-dirty switch to partitions #0, OK mmc0 is current device flash target is MMC:0 Net: Error: ethernet@30be0000 address not set. No ethernet found. Fastboot: Normal Normal Boot Hit any key to stop autoboot: 0 u-boot=> hab_status Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 --------- HAB Event 1 ----------------- <----------- HAB events created from initial FIT image auth failure and cannot be removed event data: 0xdb 0x00 0x08 0x43 0x33 0x11 0xcf 0x00 STS = HAB_FAILURE (0x33) RSN = HAB_INV_CSF (0x11) CTX = HAB_CTX_CSF (0xCF) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 2 ----------------- event data: 0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0 0x00 0x00 0x00 0x20 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 3 ----------------- event data: 0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0 0x00 0x00 0x00 0x01 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 4 ----------------- event data: 0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00 0x00 0x00 0x00 0x04 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) u-boot=> Finale Remarks Please note that the HAB events from the initial authentication failure of FIT image will still exist in the HAB persistent memory and thus will still be visible in the when hab_status command is called from u-boot or the HAB persistent memory is parsed using hab_log_parser. The reason being that the HAB persistent memory only gets initialized/cleaned during system reset. The HAB events from the initial authentication failure can be ignored. P.S - This doc is updated as of 01/21/2020
View full article