AnsweredAssumed Answered

I.MX6 using HAB  in kernel

Question asked by Alex Berenshtein on Aug 13, 2017

Hi.
We try build HAB for i.mx6 ( u-boot & Kernel )
We use cst-232 tool & mxc_security from Freescale.
We try build security u-boot & security Kernel ( i.mx6-sabre ).
Compile u-boot ( Ver. 2015 year ) with
#define CONFIG_SECURE_BOOT.

Compile Kernel , zImage.

Use cst-tools-232 & Freescale scripts for makes u-boot-signed-pad.imx & zImage-signed-pad.bin .
Make SD-card with new secure-u-boot & new secure-zImage .
Power ON board.
Om u-boot terminal type -> hab_staus

Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!

According user manual this OK.
Reset board.
Working u-boot & kernel & File System.
..............................................................................................

Next step:
Blow the SRK Fuse Table:

- Dump the SRK Fuse Table:
hexdump -e '/4 "0x"' -e '/4 "%X""\n"' my_fuse_filename

0x20593752
0x6ACE6962
0x26E0D06C
0xFC600661
0x1240E88F
0x209F144
0x831C8117
0x1190FD4D

For the SRK:
fuse prog 3 0 0x20593752
fuse prog 3 1 0x6ACE6962
fuse prog 3 2 0x26E0D06C
fuse prog 3 3 0xFC600661
fuse prog 3 4 0x1240E88F
fuse prog 3 5 0x0209F144
fuse prog 3 6 0x831C8117
fuse prog 3 7 0x1190FD4D

Reset board.
Working u-boot & kernel & File System.

Turn on RNG_TRIM ( by Linux interface )
echo 0x00040000 > HW_OCOTP_MEM0

Reset board.
Working u-boot & kernel & File System.

.....................................................................................................
last step:
Put SEC_CONFIG to close (turn on chip security).
On u-boot terminal:
fuse prog 0 6 0x02
reset.

We have a problem.
After starting , kernel is stops:
..............................................................................................
reading boot.scr
** Unable to read file boot.scr **
reading zImage-signed-pad.bin
6610976 bytes read in 396 ms (15.9 MiB/s)
Booting from mmc ...
reading imx6dl-sabresd.dtb_boot0
41026 bytes read in 26 ms (1.5 MiB/s)
Kernel image @ 0x12000000 [ 0x000000 - 0x64b550 ]
## Flattened Device Tree blob at 18000000
Booting using the fdt blob at 0x18000000
Authenticate image from DDR location 0x12000000...
Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!
Using Device Tree in place at 18000000, end 1800d041

Starting kernel ...
Booting Linux on physical CPU 0x0 ...
.... Lot of data ........
..... Loading dada .....
.........
......
mmcblk2: mmc2:0001 M32508 3.64 GiB
mmcblk2boot0: mmc2:0001 M32508 partition 1 4.00 MiB
mmcblk2boot1: mmc2:0001 M32508 partition 2 4.00 MiB
mmcblk2rpmb: mmc2:0001 M32508 partition 3 4.00 MiB

..........................................................
Kernel stopped on eMMC .

1. My Questions :
What is TRIM fuse ( echo 0x00040000 > HW_OCOTP_MEM0 ).

2. May be we have hardware problem ?
For example , no have clocks , GPIO - setting.

What is :
GPIO_0__SNVS_VIO_5 , GPIO_18__SNVS_VIO_5.
My be missing addition settings.

Best regards.

Original Attachment has been moved to: Freescale-Scripts_HAB.tar.gz

Outcomes