FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

iMX28 Secure Boot issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX28 Secure Boot issues

‎05-29-2014 02:29 PM
2,555 Views
trevork
Contributor I

Hello all,

 

I have been reading through a lot of discussions and application notes and feel I have made some good progress on understanding how it all works.  Right now I am trying to make the needed changes to the updater_ivt boot file to allow it to boot.  The updater_ivt.sb file is composed of the power_prep, boot_prep and linux_prep bootlets and no u-boot.  I am able to compile it and when I go to run it, I get mixed results.

 

If the SRK fuses have NOT been programmed, it boots fine.  If the SRK is programmed and the HAB is OPEN, I get one of the following error messages:

Uncompressing Linux...

Out of memory while allocating z_stream

--- System halted

 

Uncompressing Linux...

Not a gzip file

-- System halted

 

I am currently trying to run this on a custom PCB and application.  This board has successfully run Linux and our code and the only changes I am making are related towards HAB and securing the system.  I have read through and referenced the following documents:

Secure Boot with i.MX28 HAB v4 (AN4555)

HAB Code-Signing Tool

Mx28 Secure Boot

 

Essentially, I have done the following:

1.  Updated the C code in the boot_prep/init-mx28.c and link information in boot_prep/link.lds

2.  Updated the power_prep.c and associated link.lds

3.  Updated the C code in linux_prep/board/iMX28_EVK.c and linux_prep/linux_prep.ld.in

4.  Generated the bin files with objcopy as described in AN4555 page 19

5.  Compiled and generated everything with an updated updater_ivt.bd file.

 

Right now, I have not been seeing any HAB data on the screen. (I can't seem to find the library to include so I can call the get_hab_status as described on page 25 of AN4555, so if anyone can give me a few pointers here as well, I would be grateful)  And since I can't see it at the moment, I have been focusing on getting it to boot in OPEN HAB configuration.

 

I have attached the files related to the linux_prep bootlet since the power and boot prep bootlets seem to be executing and transitioning correctly.

 

I appreciate any help and am sorry for any dumb questions I may ask.  I am still learning.

 

UPDATE:

The not a gzip file error has stopped coming (it only came about the first reboot after the bits being burned).  And I have traced the z_stream error to where it is occurring.  It seems that the very first call to malloc() fails and causes the error.

Original Attachment has been moved to: linux_prep.map.zip

Original Attachment has been moved to: linux_prep.ld.in.zip

Original Attachment has been moved to: updater_ivt.bd.zip

Labels (2)
Labels
Tags (3)
0 Kudos
Reply
2 Replies

‎06-04-2014 09:29 AM
1,526 Views
alejandrolozan1
NXP Employee
NXP Employee

Hi,

Peeking at your procedure it seems to be correct. Let me delve into this.

Best Regards,

Alejandro

0 Kudos
Reply

‎05-30-2014 03:51 PM
1,526 Views
trevork
Contributor I

Well, I couldn't figure out what the deal was.  However, I changed the kernel compression method from GZIP to LZMA and it booted just fine.  Still don't know if the HAB is correct since it isn't giving me any output (if anyone is able to provide the needed HAB libraries, I would be appreciative).

If anyone wants to comment on why GZIP didn't work, I would be interested to hear your thoughts.

Thanks

0 Kudos
Reply