Hello,
I thought I had all of my HAB issues figured out, but this one cropped up. Currently, I am trying to get secure boot working on the iMX280, and have it working for the most part. I have uboot signed properly, and the board boots properly with a signed kernel, even with the HAB_CONFIG fuses burned for closed.
With the imx28_ivt_linux bootlets, however, I have the code signed, but it only works some of the time, seemingly randomly. I can build the kernel, then build the bootlets and sign everything, and it will work, but if I rebuild everything, it will fail, and vice versa. Very occassionally, an image that has trouble booting will boot, and vice versa. These random failures only occur on a closed board--a board with the fuses not yet burned boots properly with the signed bootloaders, which indicates to me that it is still a HAB signing issue.
Below are some of the symptoms of these failures (each are isolated by ''' blocks):
'''
LLLLLLLLLFLCLLJUncompressing Linux... done, booting the kernel.
Pref0x80508002
'''
'''
LLLLLLLLLFLCLLJUncompressing Linux...
unexpected EOF
-- System halted
'''
'''
LLLLLLLLLFLCLLJUncompressing Linux... done, booting the kernel.
Undefined Ins0x80508002
'''
'''
LLLLLLLLLFLCLLJUncompressing Linux... done, booting the kernel.
''' (hanging after attempting to boot kernel)
In testing this with uboot, I found that the linux bootlets would fail even with kernels that booted using uboot. I did have one instance where a uImage of the kernel started giving a HAB error while booting with uboot (detailed below), which appears to be coming from an invalid address when trying to authenticate the image. It did not show the full error, however, and continued to boot like normal. I've only been able to get this error on one uImage, and have been unable to recreate it.
'''
U-Boot > bootm
load_addr=0x42000000, size=0x1c8bf0
HAB Configuration: 0xcc HAB State: 0xf0
---------HAB Event 1 -----------------
event data:
0xdb 0x00 0x08 0x40 0x33 0x22 0x0a 0x00
## Booting kernel from Legacy Image at 42000000 ...
'''
Do these booting problems appear to be more with kernel or with the HAB signing process? If it is a HAB issue, what's a good way to enable hab debug code for imx28_ivt_linux? I have the code from the uboot modifications for the get_hab_status function, but linux_prep seems to lack a lot of the libraries needed for it to compile. If it isn't a HAB issue, would it be something like a linker or memory mapping issue? If so, where would be the best place to start looking to fix that?
Thank you,
Jeff M
