
Vybrid and HAB authentication

Question asked by Thomas Wong on Oct 21, 2016

Hello,

 

I am having trouble getting HAB authentication to work on the TWR-VF65GS10 and am wondering what I am missing or what I can try to do to get it to work. The compiler I am using is IAR Embedded Workbench.

 

In my situation, I have 2 tower boards: one in open state that I am using for reference and the other in closed state with the SRK values generated by the cst 2.3.1 package written to the OCOTP_SRK fuses. I can still debug using JTAG on the closed board.

 

I created a program blink.bin (attached along with linker file sram_iar_a5.icf) that will boot from the SD card and then continuously blink the LEDs on the tower board based on the example in \Freescale\Freescale_MQX_4_2\mqx\examples\bootloader_vybrid. I booted blink.bin from the SD card on the open board and confirmed that it worked but after following the signing steps on blink.bin I cannot get the signed image to boot from the SD card on the closed board.

 

So far, I have been using AN4581 as a guide.

 

From there I generated the PKI tree and SRK table.

 

I programmed the fuses and verified with the debugger (OCOTP_SRK#) that they were actually programmed.

(Do I have the order and endianness correct in the example below?)

 

e.g.

hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin
0x00112233
0x44556677
0x8899AABB
0xCCDDEEFF
0x00112233
0x44556677
0x8899AABB
0xCCDDEEFF

 

 

Next, I closed the board by programming Bank 0, Word 6, Byte 0 to 0x02 (verified with OCOTP_CFG5).

 

Next, I took blink.bin and padded with zeros at the end to align it with 0x1000 size to make blink_padded.bin (attached)

(Am I padding the wrong area?).

 

Then I ran the following to generate blink_csf.bin (attached) using blink.csf file (attached) and concatenated blink_padded.bin + blink_csf.bin = blink_signed.bin (attached) :

 

thomas@thomas-VirtualBox:~/cst/cst-2.3.1/blink$ ../linux64/cst --o blink_csf.bin < blink.csf
CSF Processed successfully and signed data available in blink_csf.bin
thomas@thomas-VirtualBox:~/cst/cst-2.3.1/blink$ cat blink_padded.bin blink_csf.bin > blink_signed.bin

 

Next on Windows I copied the blink_signed.bin image onto the SD card:

C:\Freescale\Freescale_MQX_4_2\tools\ddcopy>ddcopy.exe infile=blink_signed.bin outdevice=u: seek=0x400 obs=512
start copying
done

 

Then I tried to boot using the SD card on the closed board with the jumpers as shown but blink does not seem to be able to run.

(Do I have some jumper(s) in the wrong place?)

 

 

I took the same SD card and booted it on the open board and it was able to run so I think it must have something to do with the HAB.

 

From AN4581, I understand that iMX6 has a hab_status command that can be enabled in U-Boot to look at the events that were generated. I was able to compile and run U-Boot on the Vybrid tower with the instructions here ("u-boot on the Vybrid tower board in a few commands") and added #define CONFIG_SECURE_BOOT to vf610twr.h but I don't think there is support for the hab_status command for Vybrid on U-Boot? Is there another way to examine the events that are generated to try to figure out what exactly the HAB is dissatisfied with?

 

Any advice would be appreciated.

 

Thanks,

Thomas

Original Attachment has been moved to: blink_csf.bin.zip

Original Attachment has been moved to: blink.csf.zip

Original Attachment has been moved to: blink_padded.bin.zip

Original Attachment has been moved to: sram_iar_a5.icf.zip

Original Attachment has been moved to: blink_signed.bin.zip

Original Attachment has been moved to: blink.bin.zip
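
Added example, not part of the original post or of the CST package: a Python sketch that reproduces the two host-side steps described above so they can be checked before anything is fused or written to the SD card. It lists the SRK fuse file as 32-bit words the way the hexdump command reads them on a little-endian host (plain %X drops leading zeros, so the words are zero-padded here) and pads the image to 0x1000 before appending the CSF data. The function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

ALIGN = 0x1000  # boundary the post pads blink.bin to

# Constructed 32-byte sample standing in for SRK_1_2_3_4_fuse.bin; the bytes
# are chosen so the words match the placeholder values shown in the post.
SAMPLE_FUSE = bytes.fromhex("33221100" "77665544" "bbaa9988" "ffeeddcc") * 2


def fuse_words(blob: bytes, zero_pad: bool = True) -> list[str]:
    """List the fuse file as 32-bit words, read as hexdump's '/4 "%X"' reads
    them on a little-endian host. zero_pad=False mimics plain %X, which drops
    leading zeros; zero_pad=True prints all eight digits of every word."""
    if len(blob) % 4:
        raise ValueError("fuse file length is not a multiple of 4 bytes")
    words = struct.unpack(f"<{len(blob) // 4}I", blob)
    return [f"0x{w:08X}" if zero_pad else f"0x{w:X}" for w in words]


def pad_image(image: bytes, align: int = ALIGN) -> bytes:
    """Zero-pad the image at the end up to the next multiple of align."""
    return image + b"\x00" * (-len(image) % align)


def build_signed(image: bytes, csf: bytes) -> tuple[bytes, int]:
    """Concatenate padded image and CSF data, as the cat step in the post does.
    Returns the result and the file offset at which the CSF data begins."""
    padded = pad_image(image)
    return padded + csf, len(padded)


if __name__ == "__main__":
    for padded, plain in zip(fuse_words(SAMPLE_FUSE), fuse_words(SAMPLE_FUSE, False)):
        print(f"{padded}   (plain %X: {plain})")
    image = b"\xaa" * 0x1234   # constructed stand-in for blink.bin
    csf = b"\xd4" * 0x40       # constructed stand-in for blink_csf.bin
    signed, csf_offset = build_signed(image, csf)
    print(f"padded image: {csf_offset:#x} bytes, CSF at file offset {csf_offset:#x}")
    print(f"signed image: {len(signed):#x} bytes")
```

The word list only shows how the host tool interprets the file; which byte order the OCOTP_SRK fuses expect has to be confirmed against the device documentation.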
