AnsweredAssumed Answered

iMX6 HAB Problem

Question asked by Wee Do on Mar 4, 2015
Latest reply on Mar 5, 2015 by Wee Do

Hi,

 

I'm currently trying tu use HAB on a board specific using iMX6DL with u-boot 2014.04 ( from freescale.)

 

I've the following line in my board cfg file

 

IMAGE_VERSION 2

BOOT_FROM   sd

CSF 0x2000

 

When I compile u-boot i've the following output

 

Image Type:   Freescale IMX Boot Image

Image Ver:    2 (i.MX53/6 compatible)

Mode:         DCD

Data Size:    290816 Bytes = 284.00 kB = 0.28 MB

Load Address: 177ff420

Entry Point:  17800000

HAB Blocks:   177ff400 00000000 00044c00

 

I've created the key using CST tools 2.2 (with my own serial and pass_key.txt files)

 

cd keys

./hab4_pki_tree.sh (n,2048,10,n)

cd ../crts

 

../linux/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c ./SRK1_sha256_2048_65537_v3_usr_crt.pem,./SRK2_sha256_2048_65537_v3_usr_crt.pem,./SRK3_sha256_2048_65537_v3_usr_crt.pem,./SRK4_sha256_2048_65537_v3_usr_crt.pem -f 1

 

My u-boot.csf is :

[Header]

  Version = 4.0

   Security Configuration = Open

   Hash Algorithm = sha256

   Engine Configuration = 0

   Certificate Format = X509

   Signature Format = CMS

[Install SRK]

   File = "./crts/SRK_1_2_3_4_table.bin"

   Source index = 0

[Install CSFK]

   File = "./crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]

   Verification index = 0

   Target index = 2

   File = "./crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# lenght 0x2F000 (padded u-boot lenght) - 0x400 (IVT offset) = 0x2EC00

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

#  Image block start address on i.MX, Offset from start of image file,

#  Length of block in bytes, image data file

[Authenticate Data]

   Verification index = 2

   Blocks = 0x177ff400 0x000 0x44c00 ".u-boot-pad.bin"

 

I generate the u-boot-signed file using following commands

 

./linux/cst --o u-boot_csf.bin < u-boot.csf

cat u-boot-pad.bin u-boot_csf.bin > u-boot-signed.bin

 

I burn the SRK fuse on the iMX

and copy my u-boot signed on the eMMC

Everything is fine (no error) and when I boot up the hab_status give me the following output

 

Secure boot disabled

 

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00

        0x00 0x00 0x00 0x20

 

--------- HAB Event 2 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c

        0x00 0x00 0x03 0x08

 

--------- HAB Event 3 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20

        0x00 0x00 0x00 0x01

 

--------- HAB Event 4 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00

        0x00 0x00 0x00 0x04

 

 

--------- HAB Event 5 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x1d 0xc0 0x00

        0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00

        0x00 0x00 0x00 0x48

 

Any ideas ??

 

Thanks in advance

Outcomes