AnsweredAssumed Answered

iMX280 signed HAB boot issues

Question asked by Jeff Morgan on Dec 29, 2015
Latest reply on Jan 11, 2016 by Jeff Morgan



I'm trying to get secure and encrypted boots working with the iMX280.  My current setup consists of loading the bootloader through USB, and then burning it to a NAND chip.  There is no SD card reader on the board.  Using the ltib build system, with linux kernel and u-boot 2009.08.


Currently, I'm following a mix of AN4555 and this post: .  After updating the .bd files and source files with the patches, and some other minor tweaks, I've got both the ivt_linux and ivt_uboot building, and the ivt_linux build works properly, while the ivt_uboot fails after power/boot prep with "0x8050100c" when trying to do the final jump into u-boot.  However, on a board that I have burned the SRK into, along with burning HAB_CONFIG OTP field to HAB_CLOSED, I get the following error on boot (for both u-boot and linux ivts):





Which looks like the board is loading everything up until the call to power_prep, and then being unable to find the bootlets, it reverts to the expected 0x80508002 error at not being able to find a boot source.


Before burning the OTP fuses I received no HAB errors, though I'm not sure if this is because it was truly error-free, or if there was a mistake in setting up the error reporting. 


Are these errors popping up due to incorrectly signing the bootlets?  Or maybe a problem with burning the OTP fuses incorrectly (with incorrect values, the process works properly)?  Or is it a matter of mapping the bootlet sections incorrectly in the .bd/linker files?  I have a feeling that's the issue with the u-boot booting at least, but I'm at a loss for the linux boot.


Any help is appreciated!


Thank you,

Jeff M.