Enable Secure Boot in Imx6ull-14x14

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable Secure Boot in Imx6ull-14x14

1,055 Views
Rajashree
Contributor I

Hello NXP,

We need  help in enabling Secure boot on Imx6ull-14x14 evk.We followed Steps from the Document in the link  Guide  to create a signed Uboot. We ran the signed u-boot without Fusing the SRK keys. At the U-boot prompt ,the hab_status command displays "NO HAB events Found!".Could you guide us in telling why HAB failure events are not generated.

In addition to that We have tried Padding CSF bin file to 0x2000 and flashing the signed U-boot.Still We observe the same behaviour.

On Padding the CSF file to 0x4000,the signed u-boot gives hab_status failure events, even after Overriding the SRK Keys.

Note:We are using fuse override <bank> <word> <value> after reset for checking hab_status.

The CSF file used is

[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = SW

[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0

[Install NOCAK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x00070c00 "u-boot-dtb.imx"

Note:  The data for Blocks= is taken from u-boot-dtb.imx.log

Please help us with your valuable support to solve this problem

Thanks.

0 Kudos
Reply
1 Reply

1,047 Views
Rajashree
Contributor I

An additional info...

We are using the SRK keys generated from NXP CST tools which is same as what is used to sign the Uboot.

0 Kudos
Reply