- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- iMX6 HAB Problem
iMX6 HAB Problem
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm currently trying tu use HAB on a board specific using iMX6DL with u-boot 2014.04 ( from freescale.)
I've the following line in my board cfg file
IMAGE_VERSION 2
BOOT_FROM sd
CSF 0x2000
When I compile u-boot i've the following output
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6 compatible)
Mode: DCD
Data Size: 290816 Bytes = 284.00 kB = 0.28 MB
Load Address: 177ff420
Entry Point: 17800000
HAB Blocks: 177ff400 00000000 00044c00
I've created the key using CST tools 2.2 (with my own serial and pass_key.txt files)
cd keys
./hab4_pki_tree.sh (n,2048,10,n)
cd ../crts
../linux/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c ./SRK1_sha256_2048_65537_v3_usr_crt.pem,./SRK2_sha256_2048_65537_v3_usr_crt.pem,./SRK3_sha256_2048_65537_v3_usr_crt.pem,./SRK4_sha256_2048_65537_v3_usr_crt.pem -f 1
My u-boot.csf is :
[Header]
Version = 4.0
Security Configuration = Open
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "./crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
File = "./crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
Verification index = 0
Target index = 2
File = "./crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
# Sign padded u-boot starting at the IVT through to the end with
# lenght 0x2F000 (padded u-boot lenght) - 0x400 (IVT offset) = 0x2EC00
# This covers the essential parts: IVT, boot data and DCD.
# Blocks have the following definition:
# Image block start address on i.MX, Offset from start of image file,
# Length of block in bytes, image data file
[Authenticate Data]
Verification index = 2
Blocks = 0x177ff400 0x000 0x44c00 ".u-boot-pad.bin"
I generate the u-boot-signed file using following commands
./linux/cst --o u-boot_csf.bin < u-boot.csf
cat u-boot-pad.bin u-boot_csf.bin > u-boot-signed.bin
I burn the SRK fuse on the iMX
and copy my u-boot signed on the eMMC
Everything is fine (no error) and when I boot up the hab_status give me the following output
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c
0x00 0x00 0x03 0x08
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
0x00 0x00 0x00 0x04
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x1d 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x48
Any ideas ??
Thanks in advance
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Wee Do,
Looking at the log, it seems that the problem is an invalid key. And looking at your procedure, I believe the problem is here:
cd keys
./hab4_pki_tree.sh (n,2048,10,n)
cd ../crts
By answering 'n' to the last question, the PKI tree is build for "fast authentication". Your CSF file is for normal authentication.
And example of fast authentication is:
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = “../crts/TBL_1_sha256+tbl.bin”
Source index = 0
[Install NOCAK]
File = “../crts/SRK1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate CSF]
#whole line comment
[Authenticate Data] # part line comment
Verification index = 0
Blocks = 0x877fb000 0x000 0x48000 “signed-u-boot.bin"
By the way here is parsing of your log:
------------+----+------+----+-------------------------------------------------
Persistent | T | L | P | Contents
Memory | a | e | a |
Record | g | n | r |
Type | | g | |
| | t | |
| | h | |
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 00 00 00 00 20
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 2c 00 00 03 08
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 20 00 00 00 01
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 80 00 00 00 00 00 04
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 1d c0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_KEY (0x1D)
| | | | CTX = HAB_CTX_COMMAND (0xC0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Cmd Field: 0xbe000c00
| | | | CMD: HAB_CMD_INS_KEY (0xbe)
| | | | LEN: 0x000c
| | | | FLG: 0x03
| | | | FLAGS: NOTHING YET
| | | | PAST Field: 0x03170000
| | | | Crt. addr: 0x00000048
------------+----+------+----+-------------------------------------------------
Regards,
Raul Cardenas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Wee Do,
Looking at the log, it seems that the problem is an invalid key. And looking at your procedure, I believe the problem is here:
cd keys
./hab4_pki_tree.sh (n,2048,10,n)
cd ../crts
By answering 'n' to the last question, the PKI tree is build for "fast authentication". Your CSF file is for normal authentication.
And example of fast authentication is:
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = “../crts/TBL_1_sha256+tbl.bin”
Source index = 0
[Install NOCAK]
File = “../crts/SRK1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate CSF]
#whole line comment
[Authenticate Data] # part line comment
Verification index = 0
Blocks = 0x877fb000 0x000 0x48000 “signed-u-boot.bin"
By the way here is parsing of your log:
------------+----+------+----+-------------------------------------------------
Persistent | T | L | P | Contents
Memory | a | e | a |
Record | g | n | r |
Type | | g | |
| | t | |
| | h | |
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 00 00 00 00 20
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 2c 00 00 03 08
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 7f f4 20 00 00 00 01
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 17 80 00 00 00 00 00 04
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x41| SRCE Field: 33 1d c0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_KEY (0x1D)
| | | | CTX = HAB_CTX_COMMAND (0xC0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Cmd Field: 0xbe000c00
| | | | CMD: HAB_CMD_INS_KEY (0xbe)
| | | | LEN: 0x000c
| | | | FLG: 0x03
| | | | FLAGS: NOTHING YET
| | | | PAST Field: 0x03170000
| | | | Crt. addr: 0x00000048
------------+----+------+----+-------------------------------------------------
Regards,
Raul Cardenas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Answering 'y' to the last question and it's work now !!!
Thank you.You've made my day.
I owe you one ;-) !!
