
i.MX6ULL HAB Signed U-boot Not Working

Question asked by huzaifi on Feb 28, 2018
Latest reply on Apr 26, 2019 by Jose Diaz de Grenu de Pedro

Hey,

I'm trying to implement HAB on an i.MX6ULL target.

I followed the instructions of AN4581 (http://www.nxp.com/assets/documents/data/en/application-notes/AN4581.pdf).

I'm using the following CSF file, the HAB Blocks being from the output of the mkimage command.

[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0 # Index of the key location in the SRK table to be installed

[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
#        Address    Offset  Length    Data File Path
Blocks = 0x177ff400 0x0 0x58c00   "u-boot.imx"

The signed uboot is then generated using commands like:

./cst --o csf-uboot.bin --i csf-uboot
cat u-boot.imx csf-uboot.bin > u-boot-signed.imx

This u-boot is next flashed on the MMC of my target device.

The resulting u-boot-signed.imx doesn't work. The following events are generated:

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x18 0xc0 0x00
        0xca 0x00 0x0c 0x00 0x01 0xc5 0x00 0x00
        0x00 0x00 0x0d 0xdc

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x00
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x2c
        0x00 0x00 0x02 0x08

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x7f 0xf4 0x20
        0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 5 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x17 0x80 0x00 0x00
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

Furthermore, if I use the CAAM or SW engines in the header of the CSF file, the signed u-boot does not boot at all. I want to point out that I am using a 4K key (4096). I already have my fuses programmed.

How do I fix these HAB events? How do I get engines other than ANY to work? Also, I see that most people use a 2K key (2048). Does that play a role?

Thank you for the help!
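
A host-side triage of the event dump above, as an added example that is not part of the original post or of NXP's tooling: it decodes each record and checks whether every asserted region lies inside the range given on the CSF `Blocks` line. The function names are hypothetical, the code tables hold only the values printed in the post, and the layout of the assertion data (type, address, byte count, big-endian) is an assumption.

```python
import struct

# Names for the codes printed in the post's own event dump (not the full HAB tables).
NAMES = {
    "sts": {0x33: "HAB_FAILURE"},
    "rsn": {0x18: "HAB_INV_SIGNATURE", 0x0C: "HAB_INV_ASSERTION"},
    "ctx": {0xC0: "HAB_CTX_COMMAND", 0xA0: "HAB_CTX_ASSERT"},
    "eng": {0x00: "HAB_ENG_ANY"},
}
# Event bytes copied from the post, events 1 to 5.
EVENTS = [
    "db 00 14 42 33 18 c0 00 ca 00 0c 00 01 c5 00 00 00 00 0d dc",
    "db 00 14 42 33 0c a0 00 00 00 00 00 17 7f f4 00 00 00 00 20",
    "db 00 14 42 33 0c a0 00 00 00 00 00 17 7f f4 2c 00 00 02 08",
    "db 00 14 42 33 0c a0 00 00 00 00 00 17 7f f4 20 00 00 00 01",
    "db 00 14 42 33 0c a0 00 00 00 00 00 17 80 00 00 00 00 00 04",
]
# Address and length from the "Blocks =" line of the post's CSF.
BLOCK_ADDR, BLOCK_LEN = 0x177FF400, 0x58C00


def parse_event(hex_dump):
    """Decode one event record: 4-byte header, then status/reason/context/engine."""
    raw = bytes.fromhex(hex_dump)
    tag, length, _par = struct.unpack(">BHB", raw[:4])
    if tag != 0xDB or length != len(raw):
        raise ValueError("truncated or non-event record")
    ev = {k: NAMES[k].get(b, hex(b)) for k, b in zip(("sts", "rsn", "ctx", "eng"), raw[4:8])}
    if raw[6] == 0xA0 and len(raw) >= 20:
        # Assumed layout: assertion type, asserted address, byte count (big-endian).
        _kind, addr, count = struct.unpack(">III", raw[8:20])
        ev["region"] = (addr, count)
        ev["in_block"] = BLOCK_ADDR <= addr and addr + count <= BLOCK_ADDR + BLOCK_LEN
    return ev


def triage(events):
    """Separate a signature failure from assertions on memory the CSF never covered."""
    parsed = [parse_event(e) for e in events]
    return {
        "signature_failed": any(e["rsn"] == "HAB_INV_SIGNATURE" for e in parsed),
        "uncovered": [e["region"] for e in parsed if e.get("in_block") is False],
        "events": parsed,
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(key, value)
```

On the dump above it reports the signature failure from event 1 and no asserted region outside the `Blocks` range, so the four assertion events do not by themselves show a wrong address or length.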
