AnsweredAssumed Answered

i.MX6 Secure boot test

Question asked by Vincent Siles on Jan 26, 2017
Latest reply on Jan 27, 2017 by Vincent Siles

Hi !

I'm working on a secure boot for an i.MX6q platform. My u-boot is splitted into SPL and u-boot.img.

 

SPL is signed and I have 0 HAB event pending at this point. I added a call to the authenticate function in the SPL, to try to check a signed u-boot.img but I get a "hab fuse not enabled" message. In the code I see that authenticate_image only call the HAB if the fuse is burnt.

 

I removed this test and the SPL tries but fails to check u-boot.img (it fails in hab_rvt_authenticate_image).

 

1) why is the authenticate_image only designed to work if the fuse is burnt ? can't we try to check the signature of a second stage boot without burning the fuse ?

2) any idea with the hab_rvt_authenticate_image, called from the SPL, might not return ?

 

Best,

Vincent

Outcomes