AnsweredAssumed Answered

hab_auth_img problem

Question asked by Antonio Santagiuliana on Mar 30, 2020
Latest reply on Jun 23, 2020 by Antonio Santagiuliana

Hello,

I am using imx8mm-evk.

I am trying to sign a Kernel image and verify its signature from u-boot with command hab_auth_img.

I followed the instruction at mx8m_mx8mm_secure_boot.txt\guides\habv4\imx\doc - uboot-imx - i.MX U-Boot  , chapter 2.

I am not sure I interpreted correctly what in that page they call  "load Address" in the genIVT.pl script , is that meaning the Image load address or the IVT load address ? 

I filled it in with my image load address. So my genIVT.pl is now : 

#! /usr/bin/perl -w
use strict;
open(my $out, '>:raw', 'ivt.bin') or die "Unable to open: $!";
print $out pack("V", 0x412000D1); # Signature
print $out pack("V", 0x40480000); # Load Address (*load_address)
print $out pack("V", 0x0); # Reserved
print $out pack("V", 0x0); # DCD pointer
print $out pack("V", 0x0); # Boot Data
print $out pack("V", 0x41AF6000); # Self Pointer (*ivt)
print $out pack("V", 0x41AF6020); # CSF Pointer (*csf)
print $out pack("V", 0x0); # Reserved
close($out);

I considered self pointer to be set to 0x41AF6000 because I calculated that as Load Address + Image size after padding (0x01676000 ) .

+32 bit and I get also CSF pointer . 

Is this interpretation correct ?

 

Now I have the csf_additional.txt : 

[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks =
0x40480000 0x00000000 0x01676000 "Image-imx8mmevk_pad_ivt.bin"

Is this correct ? I put length of file excluding IVT table but including padding. Or should I put length including ivt.bin ( length of the full Image-imx8mmevk_pad_ivt.bin file ) here ? OT excluding both IVT and padding ?

 

at u-boot prompt then :

 

 u-boot=> fatload mmc 1:1 0x40480000 Image-imx8mmevk_signed.bin

23555936 bytes read in 275 ms (81.7 MiB/s)

u-boot=> hab_auth_img 0x40480000 0x1676000 0x41AF6000 

hab fuse not enabled

 

Authenticate image from DDR location 0x40480000...

bad magic magic=0x0 length=0x00 version=0x0

bad length magic=0x0 length=0x00 version=0x0

bad version magic=0x0 length=0x00 version=0x0

Error: Invalid IVT structure

 

Allowed IVT structure:

IVT HDR       = 0x4X2000D1

IVT ENTRY     = 0xXXXXXXXX

IVT RSV1      = 0x0

IVT DCD       = 0x0

IVT BOOT_DATA = 0xXXXXXXXX

IVT SELF      = 0xXXXXXXXX

IVT CSF       = 0xXXXXXXXX

IVT RSV2      = 0x0

 

I tried also with 

u-boot=> hab_auth_img 0x40480000 0x1676F60  0x41AF6000 ( 0x1676F60   is the full file size including ivt part ).

But I got same error

Please see also attachments 

Attachments

Outcomes