Hello NXP,
We need help in enabling Secure boot on Imx6ull-14x14 evk.We followed Steps from the Document in the link Guide to create a signed Uboot. We ran the signed u-boot without Fusing the SRK keys. At the U-boot prompt ,the hab_status command displays "NO HAB events Found!".Could you guide us in telling why HAB failure events are not generated.
In addition to that We have tried Padding CSF bin file to 0x2000 and flashing the signed U-boot.Still We observe the same behaviour.
On Padding the CSF file to 0x4000,the signed u-boot gives hab_status failure events, even after Overriding the SRK Keys.
Note:We are using fuse override <bank> <word> <value> after reset for checking hab_status.
The CSF file used is
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = SW
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install NOCAK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x00070c00 "u-boot-dtb.imx"
Note: The data for Blocks= is taken from u-boot-dtb.imx.log
Please help us with your valuable support to solve this problem
Thanks.
An additional info...
We are using the SRK keys generated from NXP CST tools which is same as what is used to sign the Uboot.