AnsweredAssumed Answered

HAB check_target failure on iMX6DP

Question asked by Nikoo Naeemi on Aug 13, 2019
Latest reply on Aug 19, 2019 by Yuri Muhin

Hello,

 

I am trying to authenticate an FSBL on an iMX6DP target. The HAB version, based on the RM, is 4.2.7.

 

The SRK fuses are programmed, and device is in open non-secure status.

 

Here is the debug results for the HAB events:
------------+----+------+----+-------------------------------------------------
Event       |0xdb|0x0014|0x42| SRCE Field: 33 22 33 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ADDRESS (0x22)
| | | | CTX = HAB_CTX_TARGET (0x33)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 0f 00 90 70 00 07 ff 00 00
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0008|0x42| SRCE Field: 33 11 cf 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_CSF (0x11)
| | | | CTX = HAB_CTX_CSF (0xCF)
| | | | ENG = HAB_ENG_ANY (0x00)
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x42| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 00 90 80 00 00 00 00 20
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x42| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 00 90 80 2c 00 00 03 58
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x42| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 00 90 80 20 00 00 00 01
------------+----+------+----+-------------------------------------------------
Event |0xdb|0x0014|0x42| SRCE Field: 33 0c a0 00
| | | | STS = HAB_FAILURE (0x33)
| | | | RSN = HAB_INV_ASSERTION (0x0C)
| | | | CTX = HAB_CTX_ASSERT (0xA0)
| | | | ENG = HAB_ENG_ANY (0x00)
| | | | Evt Data (hex):
| | | | 00 00 00 00 00 90 83 90 00 00 00 04
------------+----+------+----+-------------------------------------------------

The first event is a check target HAB engine failure. and based on event data it is a load to memory region check failure. 00 00 00 0f [type=memory]00 90 70 00 [starting address of the region]07 ff 00 00[size in bytes]

 

The Boot device is a NOR flash (IVT Offset = 0x1000) and I am using CST_2.3.2 and a CSF file that has a single authenticate image block starting from IVT_self = 0x908000, offset=0x00 and size of the image.

 

The same scripts for signing the image was tested on HAB versions prior to  4.2.5, that does not support check target command without any HAB events.

 

It will be great if you can help me find more information about the check target command and what may have caused the events. I could not find any information on the HAB4 API and CST User Guide documents.

 

Thank you,

 

Nikoo

Outcomes