AnsweredAssumed Answered

Signing Code Downloadable with Manufacturing Tool(HAB)

Question asked by toren yan on Mar 24, 2014
Latest reply on Apr 15, 2014 by Yuri Muhin

Hello all.

NOW I came across a problem with SECURE BOOT(HAB)  on I.MX6S.

I've followed through the AN4581("Signing Code Downloadable with Manufacturing Tool").but i met HAB Event unfortunately.witch as follow.

Out:   serial

Err:   serial

Checking HAB_status

 

 

HAB Configuration: 0xf0  HAB State: 0x66

 

 

--------- HAB Event 1 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

 

 

--------- HAB Event 2 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

 

 

--------- HAB Event 3 -----------------

event data:

    0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

 

 

--------- HAB Event 4 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x27 0x80 0x07 0x00

    0x00 0x00 0x00 0x20

 

 

--------- HAB Event 5 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x27 0x80 0x07 0x20

    0x00 0x00 0x00 0x04

 

 

--------- HAB Event 6 -----------------

event data:

    0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

    0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00

    0x00 0x00 0x02 0xe0

Net:   got MAC address from IIM: 00:01:02:03:04:05

FEC0 [PRIME]

..main_loop

------------------------------------------------------------------------------------------------------

My u-boot.csf file comes bellow:

-----------------------------------------------------------------------------------------------------

[Header]

  Version = 4.0

  Security Configuration = Open

  Hash Algorithm = sha256

  Engine Configuration = 0

  Certificate Format = X509

  Signature Format = CMS

[Install SRK]

  File = "../crts/SRK_1_2_3_4_table.bin"

  Source index = 0

[Install CSFK]

  File = "../crts/CSF1_1_sha256_1024_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]

  Verification index = 0

  Target index = 2

  File = "../crts/IMG1_1_sha256_1024_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# length = 0x2F000 (padded u-boot length) - 0x400 (IVT offset) = 0x2EC00

# Note: 0x2F000 may be different depending on the size of U-Boot

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

# Image block start address on i.MX, Offset from start of image file,

# Length of block in bytes, image data file

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin",\

    0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

---------------------------------------------------------------------------------------------------

QQ图片20140322124824.jpg

The pic above is the IVT get from u-boot-signed-pad.bin.

--------------------------------------------------------------------------------------------------

Can anyone help me with this.TKS.

 

Another question is HOW does CST TOOL deal with [Authenticate Data],what's the difference between these below:

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin",\

               0x00910000 0x42C 0x2E0 "u-boot-pad.bin"  

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x00910000 0x42C 0x2E0 "u-boot-pad.bin",\

               0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

[Authenticate Data]

  Verification index = 2

  Blocks =  0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

[Authenticate Data]

  Verification index = 2

  Blocks = 0x00910000 0x42C 0x2E0 "u-boot-pad.bin"

[Authenticate Data]

  Verification index = 2

  Blocks = 0x27800400 0x400 0x2EC00 "u-boot-pad.bin"

------------------------------------------------------------------------------------------------

 

does 0x00910000 is the right address for I.mx6?

THANKS VERY MUCH!

Outcomes