
iMX6Q signed u-boot in closed configuration unstable booting

Question asked by Evgeny Molchanov on Sep 18, 2017
Latest reply on Sep 20, 2017 by Evgeny Molchanov

Hi all,

I have a custom board with iMX6Q and I need to close it.

I generate all necessary files with cst-2.3.2 and burn SRK HASH to eFuses with MFGTools.

After signing u-boot (Android 4.4.3) I checked that no HAB events occurred:

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!

and I close the device with the command: fuse prog 0 6 0x00000002

After reset the board starts, and the console shows:

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!

I am trying different boot devices: SD, eMMC and SPI. But sometimes the board doesn't boot!!!

Here is my u-boot.csf:

[Header]
Version = 4.0
Hash Algorithm = SHA256
Engine = Any
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source Index = 0
Hash Algorithm = sha256

[Install CSFK]
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
Certificate Format = X509

[Authenticate CSF]
[Install Key]
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
Verification Index = 0
Target Index = 2
Certificate Format = X509

[Authenticate Data]
Blocks = 0x177FF400 0x0 0xafc00 "u-boot-pad.imx"
Verification Index = 2

Here is u-boot.imx hexdump:

00000000  d1 00 20 40 00 00 80 17  00 00 00 00 2c f4 7f 17  |.. @........,...|
00000010  20 f4 7f 17 00 f4 7f 17  00 f0 8a 17 00 00 00 00  | ...............|
00000020  00 f0 7f 17 00 20 0b 00  00 00 00 00 d2 02 f8 40  |..... .........@|
00000030  cc 02 f4 04 02 0e 07 98  00 0c 00 00 02 0e 07 58  |...............X|
00000040

header:       40 20 00 d1

entry:         17 80 00 00

reserved1:   00 00 00 00

dcd:            17 7f f4 2c

boot_data:  17 7f f4 20 - start: 177ff000, length: b2000, plugin_flag: 00000000

self:            17 7f f4 00

csf:             17 8a f0 00

size of data to be signed = csf - self = 178af000 - 177ff400 = afc00

u-boot burned to device with seek = 0x400

0xafc00 + 0x400 = 0xB0000

and my signing script:

objcopy -I binary -O binary --pad-to 0xafc00 --gap-fill=0xFF $DIR/u-boot.imx u-boot-pad.imx

./cst -o u-boot-csf.bin -i u-boot.csf

#0xB0000 + 0x2000 = 0xB2000 = boot_data->length.

objcopy -I binary -O binary --pad-to=0x2000 --gap-fill=0x00 u-boot-csf.bin u-boot-csf-pad.bin

cat u-boot-pad.imx u-boot-csf-pad.bin > u-boot-signed.imx

So, what am I doing wrong?
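
Added example, not part of the original post: a Python check that decodes the IVT and boot data from the hexdump above and recomputes the `Blocks` line, the seek offset and the length relation the post works out by hand. The function names `parse_ivt` and `signing_layout` are hypothetical, and the field layout is assumed to be the one the post itself decodes.

```python
import struct

# First 0x2c bytes of u-boot.imx, copied from the hexdump in the post.
IVT_HEX = ("d1002040 00008017 00000000 2cf47f17 20f47f17 00f47f17 "
           "00f08a17 00000000 00f07f17 00200b00 00000000")
CSF_PAD = 0x2000  # CSF padding used by the signing script in the post


def parse_ivt(image: bytes) -> dict:
    """Decode the IVT and the boot data structure it points to."""
    # Header is tag, big-endian length, version; the pointers are little-endian.
    tag, length, version = struct.unpack_from(">BHB", image, 0)
    if tag != 0xD1 or length != 0x20 or (version & 0xF0) != 0x40:
        raise ValueError("no HABv4 IVT header at offset 0")
    entry, _, dcd, boot_data, self_addr, csf, _ = struct.unpack_from("<7I", image, 4)
    bd_off = boot_data - self_addr  # boot data follows the IVT in the file
    if bd_off < 0x20 or bd_off + 12 > len(image):
        raise ValueError("boot_data pointer falls outside the supplied bytes")
    start, size, plugin = struct.unpack_from("<3I", image, bd_off)
    return {"entry": entry, "dcd": dcd, "self": self_addr, "csf": csf,
            "start": start, "length": size, "plugin": plugin}


def signing_layout(ivt: dict, csf_pad: int = CSF_PAD) -> dict:
    """Derive the CSF 'Blocks' line and check boot_data.length against it."""
    if ivt["csf"] == 0:
        raise ValueError("IVT has no CSF pointer; image was not built for signing")
    ivt_offset = ivt["self"] - ivt["start"]   # seek offset on the boot device
    signed_len = ivt["csf"] - ivt["self"]     # IVT up to the start of the CSF
    needed = ivt_offset + signed_len + csf_pad
    return {
        "ivt_offset": ivt_offset,
        "signed_len": signed_len,
        "signed_file_size": signed_len + csf_pad,
        "blocks": f'Blocks = 0x{ivt["self"]:08X} 0x0 0x{signed_len:x} "u-boot-pad.imx"',
        # Relation stated in the post: boot_data.length covers offset + image + CSF.
        "length_ok": ivt["length"] >= needed,
    }


if __name__ == "__main__":
    layout = signing_layout(parse_ivt(bytes.fromhex(IVT_HEX)))
    for key, value in layout.items():
        print(key, hex(value) if isinstance(value, int) and key != "length_ok" else value)
```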
