AnsweredAssumed Answered

IMX6Solox HAB status (CSF PTR is 0x00000000 )

Question asked by Tomas Klein on Nov 1, 2018

Hello,

I am trying to achive a secure boot for IMX6SoloX processor. I generate custom image with Yocto. I used manual Secure Boot on i.MX 50,  i.MX 53, i.MX 6 and  i.MX 7 Series using HABv4, how to create secure boot for imx processors and also i downloaded cst-3.1.0 to generate keys, program fuses, (fuses are OK i checked that with fuse read 3 0, fuse ...) ... . Version of u-boot is 2017.11.

 

I stuck on the step to create custom csf file. I need to find out value of Blocks to sign, so i used a Extracting U - boot data for CSF from page 27.After i used od -X -N 0x20 u-boot.imx a get this numbers :

 

0000000 402000d1 87800000 00000000 877ff42c
0000020 877ff420 877ff400 00000000 00000000

 

And value of CSF PTR is 0x00000000. So i tried to use reference value from manual  for length 0x6DC00. But after ./bin/cst --o u-boot_csf.bin --i u-boot_sign.csf a get error: Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData. After that i tried to use size of my u-boot.imx as a length value and i successfully and signed data available in u-boot_csf.bin. (.csf file attached)

 

After that i boot from usb and copy u-boot_signed.imx wtih this procedure.

1.)copy u-boot.imx to USB
2.)mount usb stick
3.)clear boot config: dd if=/dev/zero of=/dev/mmcblk3 bs=1k seek=384 conv=fsync count=129
4.)echo 0 > /sys/block/mmcblk3boot0/force_ro
5.)dd if=u-boot_signed.imx of=/dev/mmcblk3boot0 bs=512 seek=2
6.)echo 1 > /sys/block/mmcblk3boot0/force_ro
7.)mmc bootpart enable 1 1 /dev/mmcblk3

 

After reboot i wrote HAB_status and i got a result:

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

 

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x08 0x41 0x33 0x22 0x0a 0x00

 

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
        0x00 0x00 0x00 0x20

 

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
        0x00 0x00 0x02 0x08

 

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
        0x00 0x00 0x00 0x01

 

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
        0xdb 0x00 0x14 0x41 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
        0x00 0x00 0x00 0x04

 

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

 

Thanks for any advice

 

EDIT: I needed to define  CSF value for HAB in recipes-bsp/u-boot/files/git/board/../imximage.cfg -> CSF 0x2000

Attachments

Outcomes