AnsweredAssumed Answered

Why I am getting these HAB events? Dealing with QSPI FLASH offset.

Question asked by Gaston Bassi on Sep 16, 2019
Latest reply on Oct 2, 2019 by Gaston Bassi

I am using the following tools:

 

After generating u-boot.imx with HAB features enabled, the output is as follows:

Image Type:   Freescale IMX Boot Image
Image Ver:    2 (i.MX53/6/7 compatible)
Mode:         DCD
Data Size:    638976 Bytes = 624.00 KiB = 0.61 MiB
Load Address: 877ff908
Entry Point:  87800000
HAB Blocks:   877ff8e8 00000000 00097000
DCD Blocks:   00910000 0000002c 000001e8

Therefore, my csf file is:

[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

 

[Install SRK]
File = "../../crts/SRK_1_2_3_4_table.bin"
# Index of the key location in the SRK table to be installed
Source index = 0

 

[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

 

[Authenticate CSF]

 

[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

 

[Authenticate Data]
Verification index = 2
Blocks = 0x877ff8e8    0x0000    0x97000    "u-boot.imx"

 

[Authenticate Data]
Verification index = 2
Blocks = 0x910000    0x2c    0x1e8    "u-boot.imx"

Then, I compile the csf binary:

./cst --o csf-uboot.bin --i csf-uboot
CSF Processed successfully and signed data available in csf-uboot.bin

Afterwards, I concatenate it to the uboot.imx and flash it to the target:

cat u-boot.imx csf-uboot.bin > u-boot-signed.imx

uuu -b qspi u-boot-signed.imx   
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.3.63-0-gea1d1ee

Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     1/ 0 [                                      ]                                                                                               
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     1/ 8 [                                      ] FB: ucmd setenv fastboot_buffer ${loadaddr}                                                   
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     1/ 8 [                                      ] FB: ucmd setenv fastboot_buffer ${loadaddr}                                                   
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     1/ 8 [                                      ] FB: ucmd setenv fastboot_buffer ${loadaddr}                                                   
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     2/ 8 [                                      ] FB: download -f u-boot-signed.imx                                                             
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     2/ 8 [                                      ] FB: download -f u-boot-signed.imx                                                             
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     2/ 8 [                                      ] FB: download -f u-boot-signed.imx                                                             
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     3/ 8 [                                      ] FB: ucmd if qspihdr dump ${fastboot_buffer}; then setenv qspihdr_exist yes; else setenv qspihd
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     3/ 8 [                                      ] FB: ucmd if qspihdr dump ${fastboot_buffer}; then setenv qspihdr_exist yes; else setenv qspihd
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     3/ 8 [                                      ] FB: ucmd if qspihdr dump ${fastboot_buffer}; then setenv qspihdr_exist yes; else setenv qspihd
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     4/ 8 [                                      ] FB[-t 60000]: ucmd if test ${qspihdr_exist} = yes; then qspihdr init ${fastboot_buffer} ${fast
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     4/ 8 [                                      ] FB[-t 60000]: ucmd if test ${qspihdr_exist} = yes; then qspihdr init ${fastboot_buffer} ${fast
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     4/ 8 [                                      ] FB[-t 60000]: ucmd if test ${qspihdr_exist} = yes; then qspihdr init ${fastboot_buffer} ${fast
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     5/ 8 [                                      ] FB: ucmd if test ${qspihdr_exist} = no; then sf probe; else true; fi;                         
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     5/ 8 [                                      ] FB: ucmd if test ${qspihdr_exist} = no; then sf probe; else true; fi;                         
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     5/ 8 [                                      ] FB: ucmd if test ${qspihdr_exist} = no; then sf probe; else true; fi;                         
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     6/ 8 [                                      ] FB[-t 40000]: ucmd if test ${qspihdr_exist} = no; then sf erase 0 +${fastboot_bytes}; else tru
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     6/ 8 [                                      ] FB[-t 40000]: ucmd if test ${qspihdr_exist} = no; then sf erase 0 +${fastboot_bytes}; else tru
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     6/ 8 [                                      ] FB[-t 40000]: ucmd if test ${qspihdr_exist} = no; then sf erase 0 +${fastboot_bytes}; else tru
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     7/ 8 [                                      ] FB[-t 20000]: ucmd if test ${qspihdr_exist} = no; then sf write ${fastboot_buffer} 0 ${fastboo
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     7/ 8 [                                      ] FB[-t 20000]: ucmd if test ${qspihdr_exist} = no; then sf write ${fastboot_buffer} 0 ${fastboo
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     7/ 8 [                                      ] FB[-t 20000]: ucmd if test ${qspihdr_exist} = no; then sf write ${fastboot_buffer} 0 ${fastboo
Success 0    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     8/ 8 [                                      ] FB: done                                                                                      
Success 1    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     8/ 8 [Done                                  ] FB: done                                                                                      
Success 1    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     8/ 8 [Done                                  ] FB: done                                                                                      
Success 1    Failure 0                                                                                                                              
                                                                                                                                                     
2:12     8/ 8 [Done                                  ] FB: done  

 

Then, I change the target Boot Mode, to Internal boot QSPI FLASH, and exectute hab_status:

U-Boot 2018.03-01209-gb9dc0acc7a (Sep 16 2019 - 13:20:31 -0300)

CPU:   Freescale i.MX6UL rev1.1 528 MHz (running at 396 MHz)
CPU:   Industrial temperature grade (-40C to 105C) at 41C
Reset cause: POR
Model: Freescale i.MX6 UltraLite 14x14 EVK Board
Board: MX6UL 14x14 EVK
DRAM:  512 MiB
MMC:   FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from SPI Flash... SF: Detected n25q256 with page size 256 Bytes, erase size 64 KiB, total 32 MiB
*** Warning - bad CRC, using default environment

Failed (-5)
Display: TFT43AB (480x272)
Video: 480x272x24
In:    serial
Out:   serial
Err:   serial
Net:
Warning: ethernet@020b4000 using MAC address from ROM
eth1: ethernet@020b4000 [PRIME]
Warning: ethernet@02188000 using MAC address from ROM
, eth0: ethernet@02188000
Fastboot: Normal
Normal Boot
Hit any key to stop autoboot:  2                                                                  0
=> hab_status
hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf8 0xe8
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf9 0x14
        0x00 0x00 0x01 0xe8

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x7f 0xf9 0x08
        0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

=>

 

Analyzing the HAB Events, this is what I get:

  • Event 1: Means either IVT self/entry point is NULL or IVT, DCD, Boot Data, CSF outside image bounds
  • Event 2: ADDR: 0x877FF8E8 (ivt self), LENGTH: 0x20 -> HAB_INV_ASSERTION (same error for following events)
  • Event 3: ADDR: 0x877FF914 (ivt dcd), LENGTH: 0x1E8
  • Event 4: ADDR: 0x877FF908 (ivt boot data), LENGTH: 0x1
  • Event 5: ADDR: 0x87800000 (ivt entry), LENGTH: 0x4

 

Performed Tests:

  1. QSPI NOR Flash needs an offset of 0x1000. However, if I put that offset in the Authorization Data, it throws the following error:

    Invalid Block arguments, Blocks start offset and length together exceed file size in command AuthenticateData

    CSF FILE:

    [Authenticate Data]
    Verification index = 2
    Blocks = 0x877ff8e8    0x1000    0x97000    "u-boot.imx"

    [Authenticate Data]
    Verification index = 2
    Blocks = 0x910000    0x2c    0x1e8    "u-boot.imx"

  2. If I keep the offset in 0x0 and change the offset of the DCD block, from 0x2c to 0x102c (where it actually is), it compiles but throws HAB events too.
  3. If I follow this point UUU default support protocol list · NXPmicro/mfgtools Wiki · GitHub
    (HABv4 closed chip support). I need to change the skip from 12 to 4108 due to the 4096 offset (0x1000) to make it work properly. However, the result is HAB events too.

 

Further questions:

  1. Where does the Address of DCD block comes from? (0x910000)
  2. How should I deal with the 0x1000 offset in order to get right auth?

 

Important note:

I didn't flash the fuses of SRK table since I didn't want to preset my SoC with that unchangeable fuses. I don't know if that is stricticly needed or the error is happenning despite that.

Fuses are:

hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin
0x96832B1F
0xE12277B4
0x8E497D81
0x7983AB8F
0xFA699F3C
0x8AA5A4E5
0xBC4A85F7
0xC56A7837

 

Thanks in advance,

Outcomes