AnsweredAssumed Answered

Problems with HAB and SDP

Question asked by Todd Goodman on Jan 4, 2016
Latest reply on Jan 27, 2017 by Yuri Muhin

Hi,

 

I'm trying to use an i.MX 6 with Serial Download Protocol with our own manufacturing tool running on Linux (similarly to how the Freescale mfgtool v2.0.8 works) to download a manufacturing u-boot.bin and uImage to bootstrap a newly manufactured board.

 

Without attempting to use HAB everything is fine and works as expected.

 

When signing our shipping u-boot.bin which is loaded by the boot ROM from eMMC then it all works as expected as well.

 

However, when using our manufacturing u-boot.bin which is loaded via SDP, I always get an "Invalid IVT" failure from the HAB ROM (see below for actual events.)

 

If I try to do the same via the Freescale mfgtool I get the same errors.

 

I've read the HAB4 API RM, AN4581.pdf, the HAB Code Signing Tool User Guide, and all the discussions I could find here.

 

Our linux tool speaks to the i.MX 6 and uses the SDP DCD_WRITE command to write the DCD to 0x910000 first, then it uses the SDP command WRITE_FILE to write u-boot.bin to 0x27800000 (with the DCD pointer in the IVT zeroed so the i.MX 6 doesn't attempt to rerun the DCD commands.)

 

The  IVT and Boot Data are as follows:

    IVT:

        Header: 402000D1 (tag D1, len 32, version 40)

        Entry: 278006E0, DCD: 2780042C, Boot Data: 27800420

        Self: 27800400, CSF: 27829000

    Boot Data:

        Start: 27800000, Length: 177664, Plugin: 00000000

 

The CSF is:

 

[Header]

Version = 4.1

Hash Algorithm = sha256

Engine Configuration = 0

Certificate Format = X509

Signature Format = CMS

[Install SRK]

File = "../crts/SRK_1_2_3_4_table.bin"

Source index = 0

[Install CSFK]

File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]

Engine = CAAM

Features = RNG

[Install Key]

Verification index = 0

Target index = 2

File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with

# length = 0x27000 (padded u-boot length) - 0x400 (IVT offset) = 0x26C00

# This covers the essential parts: IVT, boot data and DCD.

# Blocks have the following definition:

# Image block start address on i.MX, Offset from start of image file,

# Length of block in bytes, image data file

 

 

[Authenticate Data]

Verification index = 2

Blocks = 0x00910000 0x0000042C 0x000002B0 "u-boot-mfg.pad"

 

 

[Authenticate Data]

Verification index = 2

Blocks = 0x27800000 0x400 0x00029000 "u-boot-mfg.pad"

 

And the HAB events are (our u-boot interprets the events:)

 

HAB Configuration: Open (0xf0) HAB State: Nonsecure (0x66)

 

--------- HAB Event 1 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00

Status: Failed (33), Reason: Invalid IVT (05)

Context: authenticate_image() (0A), Engine: Any (00)

 

--------- HAB Event 2 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

 

--------- HAB Event 3 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

 

--------- HAB Event 4 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

Status: Failed (33), Reason: Invalid Address (22)

Context: authenticate_image() (0A), Engine: Any (00)

 

--------- HAB Event 5 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x27 0x80 0x04 0x00

        0x00 0x00 0x00 0x20

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

 

--------- HAB Event 6 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x27 0x80 0x06 0xe0

        0x00 0x00 0x00 0x04

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

 

--------- HAB Event 7 -----------------

event data:

        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00

        0x00 0x00 0x00 0x00 0x00 0x91 0x00 0x00

        0x00 0x00 0x02 0xb0

Status: Failed (33), Reason: Invalid Assertion (0C)

Context: assert() (A0), Engine: Any (00)

 

How is the SDP Boot ROM code locating the IVT? 

 

Does it look at offset 0x400 from the address the WRITE_FILE command loads the u-boot.bin to?

 

Thank you,

 

Todd

Outcomes