HAB on i.MX6

sp1
Contributor II

Hi.

It is, obviously, not easy to find anything about this topic around.

I have both an i.MX6Q and an i.MX6S board which boot a signed u-boot compiled from https://github.com/Freescale/u-boot-imx. This was fairly easy using the HAB CST UG and the HAB V4 API RM. My boards are not fused, so I can boot unsigned images, but the hab status returns No HAB events found! I take that as a good sign :-)

Then I will verify and boot Linux, and then some questions show up. But first: I have extended u-boot with more hab commands in the file arch/arm/cpu/armv7/mx6/hab.c to call other functions in the HAB ROM function table (run_csf, assert, authenticate image). I can manipulate the images and use those functions to generate various hab states in a way that assures me that I do a lot of things correctly.

My first try with uImage was to wrap it the same way as u-boot.imx with the IVT first, padding out, a CSF at the correct place pointed to from the IVT, no DCD, etc. The uImage is compiled with 0x10800000 as load address. When I wrap it, I use 0x20000000 as load address. So the IVT points there, the uImage starts at 0x20000C00 and the CSF comes far behind somewhere. Then I use imx_usb from Boundary Devices to load the signed u-boot and the uImage over USB and boot u-boot (not Linux). Now u-boot runs and the uImage is at 0x20000C00 (wrapped in the image loaded to 0x20000000). If I do "bootm 20000C00" from u-boot, the kernel boots. This tells me that a lot is OK.

Then I try to call HAB Authenticate Image from 0x20000000. I get four or five HAB events depending on what I do with the IVT. The first HAB event is this:

0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00, which means:

0xdb        event
0x00 0x08   size
0x41        HAB version
0x33        HAB Failure
0x22        Invalid Address
0x0a        authenticate image

This looks ok. But what does "Invalid address" mean? In the HAB V4 API RM it says "access denied" in one place. After the authenticate_image function it says "address outside allowed region" (seems equal to access denied), "IVT, DCD, Boot Data, or CSF outside image bounds" (they are not), "IVT self or entry points is NULL" (they are not). The reason why I can say "they are not" is because if I try images with various information in the IVT (without self for instance) I get other HAB events that fit the intended error.

After trying this for a while I found another document, the Linux HAB UG, that shows how to verify and boot a signed uImage. It wraps uImage differently, but otherwise it is quite like my first try. And guess what: I get almost the same result ... :-(

So to the questions:

- I compile uImage with load address 0x10800000 and load it to DDR 0x20000000. The "bootm 20000000" command then copies the image from 0x20000040 to 0x10800000 and jumps there, right?

- Where is it supposed to be verified? At 0x20000000 or at 0x10800000?

- Which u-boot version does the document refer to? I have tried to find the CONFIG_SECURE_BOOT symbol in my u-boot clone from github and it is almost non-existent. It is not found in any files I would suspect were used on i.MX6. It also refers to a bootm command that does call authenticate_image. Where is that function?

- Btw. the clocks (caam) referred to in the Linux HAB UG are not configured on my board, but doing it does not help (mw 20c4068 ff3f3f should do the trick ... but doesn't :-( )

Sp1

2 Replies
Yuri
NXP Employee

Before running, code (uImage, in particular) should be checked by the HAB. The address range to be checked is stated in the corresponding “.csf” file in section [Authenticate Data]. Basically, addresses for checking may differ from addresses that are intended for code execution, if the code can replace itself.

As for secure U-boot, please try the (LTIB) Linux release on the Freescale Web.

https://www.freescale.com/webapp/Download?colCode=L3.0.35_4.1.0_ER_SOURCE_BSP&appType=license&locati...

In the documentation package, the Linux User's Guide ("i.MX_6Dual6Quad_SABRE-SD_Linux_User's_Guide.pdf"), Chapter 3 (Building the Linux Platform) contains instructions on how to build the (LTIB) system. The host Linux should be properly configured for it. Please refer to the next Community link for recent recommendations:

"i.MX Linux BSP Environment Setup"
https://community.freescale.com/docs/DOC-95042

Recent information about i.MX6 HAB may be found here:

“MX6 HAB (High Assurance Boot)”
https://community.freescale.com/docs/DOC-96451

Also, please refer to “i.MX_6_Linux_High_Assurance_Boot_(HAB)_User's_Guide.pdf” in the Linux (LTIB) documentation package.

sp1
Contributor II

I found the problem at last. The size I sent to the hab_authenticate function in the HAB ROM table had to include the CSF (of course :-), but I didn't realise that it was too short before I calculated through the image thoroughly one more time.

Sp1

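As an added example (not code from the thread, from u-boot or from NXP): a host-side pre-flight check of the bounds conditions quoted in the thread from the HAB RM, showing that a size covering only the IVT and payload fails while a size reaching the end of the CSF passes. The struct follows the HAB v4 IVT layout; `check_layout`, `required_bytes`, the CSF offset 0x500000 and the CSF size 0x2000 are assumptions made for the illustration, and the check is not the ROM's own logic.

```c
#include <stdint.h>
#include <stdio.h>

#define IVT_TAG 0xD1u   /* HAB v4 IVT header tag */
#define IVT_LEN 0x20u   /* IVT is 8 words = 32 bytes */

struct ivt {            /* HAB v4 Image Vector Table */
    uint8_t  tag, len_hi, len_lo, version;   /* header length is big-endian */
    uint32_t entry, reserved1, dcd, boot_data, self, csf, reserved2;
};

enum layout { LAYOUT_OK, ERR_IVT_HEADER, ERR_IVT_SELF, ERR_CSF_BOUNDS };

/* Smallest size that still covers the whole CSF; 0 if the CSF lies below start.
 * csf_size is an input the caller must know (the full CSF blob as wrapped). */
static uint32_t required_bytes(const struct ivt *ivt, uint32_t start, uint32_t csf_size)
{
    if (ivt->csf < start)
        return 0;
    return (ivt->csf - start) + csf_size;
}

/* start/ivt_offset/bytes are the values that would be handed to authenticate image. */
static enum layout check_layout(const struct ivt *ivt, uint32_t start,
                                uint32_t ivt_offset, uint32_t bytes, uint32_t csf_size)
{
    uint32_t need = required_bytes(ivt, start, csf_size);

    if (ivt->tag != IVT_TAG || ((ivt->len_hi << 8) | ivt->len_lo) != IVT_LEN)
        return ERR_IVT_HEADER;
    if (ivt->self == 0 || ivt->self != start + ivt_offset)
        return ERR_IVT_SELF;      /* image is not where the IVT says it is */
    if (need == 0 || need > bytes)
        return ERR_CSF_BOUNDS;    /* CSF starts or ends outside [start, start+bytes) */
    return LAYOUT_OK;
}

/* Constructed sample: addresses from the post, CSF offset and size are made up. */
static const struct ivt SAMPLE_IVT = {
    .tag = IVT_TAG, .len_hi = 0x00, .len_lo = 0x20, .version = 0x41,
    .entry = 0x20000C00u, .self = 0x20000000u, .csf = 0x20500000u,
};

int main(void)
{
    uint32_t need = required_bytes(&SAMPLE_IVT, 0x20000000u, 0x2000u);
    printf("payload-only size -> %d\n", check_layout(&SAMPLE_IVT, 0x20000000u, 0, 0x500000u, 0x2000u));
    printf("size 0x%x incl. CSF -> %d\n", (unsigned)need, check_layout(&SAMPLE_IVT, 0x20000000u, 0, need, 0x2000u));
    return 0;
}
```

The same check also flags an image presented at 0x10800000 while its IVT `self` says 0x20000000, which is the mismatch behind the "where is it supposed to be verified" question.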