AnsweredAssumed Answered

HAB, loading to OCRAM and software update

Question asked by Matias Larsson on Sep 11, 2019
Latest reply on Oct 3, 2019 by Matias Larsson

Hi,

We have an i.MX7D and are using HAB on it. I have a couple of questions and hope someone can help.

 

First question. We have until now loaded the first-stage bootloader to OCRAM (0x918000) and booted from there. (This is a custom bootloader for what it's worth mentioning.) When booting a signed bootloader with SRK eFuses burned, we get the HAB_INV_ADDRESS event with HAB_CTX_TARGET as context. If I change the linker script so that the bootloader is loaded to DRAM, everything is fine, I get no HAB events. I have checked that the OCRAM address does not overlap with HAB persistent memory region according to https://www.nxp.com/docs/en/application-note/AN12263.pdf. One curious thing that I noticed in the event data is that HAB apparently tries to validate the region with a length of 0x10000000. See the event data below.

event data:
0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
0x00 0x00 0x00 0x0f 0x00 0x91 0x80 0x00
0x10 0x00 0x00 0x00

 

What could be the reason to this behavior from HAB? How does HAB decide the memory region length used in this operation?

 

By "firmware" I mean whatever the bootloader loads, i.e. non-bootloader software.

Second question. Do you have any recommendations for how to handle a firmware update? We would like to authenticate the image before flashing and of course before execution. I can come up with at least one solution but I wonder if there's a better/easier way. My solution is as follows. Make a separate (signed) image of the firmware updater code and load it to a known address in RAM that will not overlap with firmware. Then the new, updated firmware image can be loaded to the authenticated memory region (as specified in the CSF) and we can just call authenticate_image() from the updater code. This way we only need to authenticate the region where we inted to execute the firmware and nothing else. But then we need to maintain this extra updater image and handle its updates somehow as well.

 

What do you think, how should we handle the firmware updates?

 

BR,

 

Matias Larsson

Outcomes