I've been working for the last couple of weeks to get secure boot in U-Boot operational on our own hardware based on the i.MX6DL. Everything seemed to work fine and according to expectations until I ran some final tests before 'closing' the device, i.e. blowing the fuse SEC_CONFIG.
It seems that the HAB4 does determine 'tampering' with a signed image as expected, but it does not determine when an image was signed with a different set of keys.
In other words:
1. I created a set of keys using CST 2.3.2 and flashed the fuses in the i.MX6 accordingly.
2. Booting seems to work fine, i.e. 'hab_status' reports no events.
3. I signed an arbitrary image with the keys created in step #1.
4. I downloaded that image to the board and it was authenticated successfully by 'hab_auth_img'.
5. I 'tampered' with the downloaded image and authentication failed, i.e. 'hab_auth_img' and 'hab_status' report HAB events.
6. I created a different set of keys using CST 2.3.2.
7. I signed the same image that was used in step #3 with the keys created in step #6.
8. I downloaded that image to the board and it was still authenticated successfully by 'hab_auth_img'.
Note that I patched authenticate_image() in <U-Boot Root>/arch/arm/imx-common/hab.c a bit so that an image is authenticated also when the SEC_CONFIG fuse is not blown.
I'm really confused by this behavior.
Does 'full' authentication work only when the device is 'closed'?
Or do you have another explanation?
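One check worth running before blowing SEC_CONFIG, added here as an example and not part of the original post: confirm that the SRK hash actually programmed into the fuses (bank 3, words 0 to 7 on i.MX6) is the SHA-256 of the SRK table belonging to the key set you sign with, so a pass or fail from 'hab_auth_img' can be tied to a known key set. The SRK table bytes and the 'fuse read 3 0 8' output below are constructed stand-ins; the parser assumes U-Boot's "Word 0x........: aaaaaaaa bbbbbbbb ..." output layout.

```python
import hashlib
import re
import struct

# Constructed stand-in for CST's SRK_1_2_3_4_table.bin (not a real SRK table).
SRK_TABLE = bytes(range(256)) * 2


def srk_fuse_words(srk_table: bytes) -> list:
    """SHA-256 of the SRK table, split into the eight little-endian 32-bit
    words that CST writes to SRK_1_2_3_4_fuse.bin and that are programmed
    into OTP bank 3, words 0..7, on the i.MX6."""
    digest = hashlib.sha256(srk_table).digest()
    return list(struct.unpack("<8I", digest))


def fuse_prog_commands(srk_table: bytes) -> list:
    """U-Boot commands that would program the expected SRK hash words."""
    return [f"fuse prog 3 {i} 0x{w:08x}" for i, w in enumerate(srk_fuse_words(srk_table))]


def parse_fuse_read(output: str) -> list:
    """Extract the fuse values from 'fuse read 3 0 8' output (assumed format:
    'Word 0x00000000: aaaaaaaa bbbbbbbb cccccccc dddddddd')."""
    words = []
    for line in output.splitlines():
        if line.lstrip().startswith("Word"):
            _, _, values = line.partition(":")
            words.extend(int(v, 16) for v in re.findall(r"\b[0-9a-fA-F]{8}\b", values))
    return words


def srk_hash_matches(srk_table: bytes, fuse_output: str) -> bool:
    """True only if all eight fused words equal the SRK table's hash words."""
    expected = srk_fuse_words(srk_table)
    actual = parse_fuse_read(fuse_output)
    return len(actual) == 8 and actual == expected


def render_fuse_read(words: list) -> str:
    """Constructed 'fuse read 3 0 8' output for the demo (mimics U-Boot layout)."""
    rows = [" ".join(f"{w:08x}" for w in words[i:i + 4]) for i in (0, 4)]
    return ("Reading bank 3:\n\n"
            f"Word 0x00000000: {rows[0]}\n"
            f"Word 0x00000004: {rows[1]}\n")


if __name__ == "__main__":
    board_output = render_fuse_read(srk_fuse_words(SRK_TABLE))
    print("\n".join(fuse_prog_commands(SRK_TABLE)))
    print("SRK hash matches fuses:", srk_hash_matches(SRK_TABLE, board_output))
```

A mismatch here means the signing key set and the fused SRK hash do not belong together, which is exactly the situation the test in steps #6 to #8 should surface once the device enforces authentication.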