AnsweredAssumed Answered

High Assurance Boot Application Note wrong for HAB and mfgtool?

Question asked by Pieter Smith on Dec 14, 2018

I have been spending a lot of time getting HAB working on an i.MX7 for the mfgtool (uuu). I eventually got it working after a lot of troubleshooting.

 

Problem is: The way I got it working runs completely counter to what https://www.nxp.com/docs/en/application-note/AN4581.pdf specifies!

 

In Appendix F.1. in AN4581, it clearly explains that the CSF signature should be generated against the u-boot image with the DCD table pointer zeroed, and that the DCD table should also be signed as if located in OCRAM. The resulting signature can then be attached to the back of the image with the DCD table pointer restored to its original value. This does not work on the silicon on my desk. On the device I get a `HAB_INV_SIGNATURE` as the first event followed by a further 5 events.

 

If I skip the DCD table pointer zeroing, I get `No HAB Events Found!`. So it works... But will it keep on working for future `mfgtool` or silicon versions?

 

Can anybody explain what I am seeing?

Outcomes