AnsweredAssumed Answered

secure boot on sabrelite with u-boot v2013.04

Question asked by Ajay Bande on Jul 12, 2015
Latest reply on Jul 15, 2015 by Ajay Bande

Hi

 

I am   working on secure boot with sabrelite board.(Freescale i.MX6Q rev1.0 at 792 MHz)

I am  using code base "uboot-imx-imx_v2013.04_3.10.17_1.0.0_beta"

I am  facing hab event issue when we issue hab_status command , Please provide your inputs.

I have provided the image, signing and event detail info below.

 

 

 

Image Detail:-

 

tools/mkimage -l u-boot.imx

Image Type:   Freescale IMX Boot Image

Image Ver:    2 (i.MX53/6 compatible)

Mode: DCD

Secure Boot Mode:     ON

CSF Data Address:     17850000

U-Boot Data Size:     357376 Bytes = 349.00 kB = 0.34 MB

U-Boot Load Address:  177fac00

U-Boot Entry Point:   17800000

 

 

signing Detail:-

 

we are using following referance link sign the image.

https://community.freescale.com/docs/DOC-96451"

 

csf_u-boot_yocto.txt file:-

[Header]

Version = 4.1

Hash Algorithm = sha256

Engine Configuration = 0

Certificate Format = X509

Signature Format = CMS

[Install SRK]

File = "../crts/SRK_1_2_3_4_table.bin"

Source index = 0

[Install CSFK]

File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]

Engine = CAAM

Features = RNG

[Install Key]

Verification index = 0

Target index = 2

File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# length = 0x5D000 (padded u-boot length)

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

# Image block start address on i.MX, Offset from start of image file,

# Length of block in bytes, image data file

[Authenticate Data]

Verification index = 2

Blocks = 0x177FB000 0x0 0x55000 "u-boot-pad.bin"

 

 

Command :-

 

 

/opt/tooling/codesourcery/MGC-2013.11-73-gcc-4.8.1/Sourcery_CodeBench_for_ARM_GNU_Linux/bin/arm-none-linux-gnueabi-objcopy -I binary -O binary --pad-to 0x55000 --gap-fill=0xff u-boot.imx u-boot-pad.bin

../linux/cst --output csf_u-boot.bin < csf_u-boot_yocto.txt

cat u-boot-pad.bin csf_u-boot.bin > u-boot-signed.bin

 

 

Event Detail:-

 

If we issue hab_status command we are getting following events:-

                        MX6QSABRELITE U-Boot > hab_status

                        iMX6 HAB status Information :

                        =============================

 

                        HAB Configuration: 0xf0, HAB State: 0x66

 

                        --------- HAB Event 1 -----------------

                        event data:

                                                0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

                                                0x00 0x00 0x00 0x00 0x17 0x7f 0xb0 0x00

                                                0x00 0x00 0x00 0x20

 

                        --------- HAB Event 2 -----------------

                        event data:

                                                0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

                                                0x00 0x00 0x00 0x00 0x17 0x7f 0xb0 0x2c

                                                0x00 0x00 0x02 0xf0

 

                        --------- HAB Event 3 -----------------

                        event data:

                                                0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

                                                0x00 0x00 0x00 0x00 0x17 0x7f 0xb0 0x20

                                                0x00 0x00 0x00 0x01

 

                        --------- HAB Event 4 -----------------

                        event data:

                                                0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

                                                0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00

                                                0x00 0x00 0x00 0x04

 

                        --------- HAB Event 5 -----------------

                        event data:

                                                0xdb 0x00 0x14 0x41 0x33 0x21 0xc0 0x00

                                                0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00

                                                0x00 0x00 0x00 0x50

Outcomes