AnsweredAssumed Answered

Cannot boot with closed device of HAB on i.mx6 .

Question asked by Wich Lin on Jul 23, 2017
Latest reply on Jul 25, 2017 by Breno Matheus Lima

We want to use HAB(high assurance boot) on i.mx6.
BSP: L4.1.15_1.0.0-ga_images_MX6QDLSOLO.tar.gz Yocto
We have three files u-boot.imx, zImage and imx6dl-sabresd.dtb which are produced by the BSP..
According to the document AN4581.pdf and the URL High Assurance Boot (HAB) for dummies - Boundary Devices .
1. Execute "~/cst-2.3.2/keys$ ./" to generate key files.
2. Execute 8 "fuse prog -y 3 0 ...." to fuse the key into the CPU."
3. Execute "./cst --o u-boot_csf.bin --i u-boot.csf", "cat u-boot.imx u-boot_csf.bin > u-boot_signed.imx", and I am sure the u-boot_signed.imx is correct by the proving of the command "hab_status"
4. Execute "fuse prog 0 6 0x2" to close the device.
5. use var-genIVT to generate ivt.bin
6. "objcopy -I binary -O binary --pad-to=0x469000 --gap-fill=0x00 zImage zImage-pad.bin
7. "cat zImage-pad.bin ivt.bin > zImage-pad-ivt.bin"
8. "./cst --o zImage_csf.bin --i zImage.csf"
9. "cat zImage-pad-ivt.bin zImage_csf.bin > zImage_signed"
I am sure the zImage_signed is correct, because "hab_auth_img" answers "No HAB Events Found!"

I don't treat the dtb file, because it doesn't matter.


But it is stock at the dumping message as below:
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
usb 1-1.2: new high-speed USB device number 3 using ci_hdrc


The normal situation should be go with below messages.
caam 2100000.caam: Entropy delay = 3200
caam 2100000.caam: Instantiated RNG4 SH0
caam 2100000.caam: Instantiated RNG4 SH1
caam 2100000.caam: device ID = 0x0a16010000000100 (Era -524)
caam 2100000.caam: job rings = 2, qi = 0
caam algorithms registered in /proc/crypto
caam_jr 2101000.jr0: registering rng-caam
platform caam_sm: blkkey_ex: 4 keystore units available
platform caam_sm: 64-bit clear key:

I tried "fuse prog 1 0 0x00100000" on the other board, but it is still the same.

How should I do to make it work?