I am using imx8mm-evk.
I am trying to sign a Kernel image and verify its signature from u-boot with command hab_auth_img.
I am not sure I interpreted correctly what in that page they call "load Address" in the genIVT.pl script , is that meaning the Image load address or the IVT load address ?
I filled it in with my image load address. So my genIVT.pl is now :
I considered self pointer to be set to because I calculated that as Load Address + Image size after padding (.
+32 bit and I get also CSF pointer .
Is this interpretation correct ?
Now I have the csf_additional.txt :
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x00000000 0x01676000 "Image-imx8mmevk_pad_ivt.bin"
Is this correct ? I put length of file excluding IVT table but including padding. Or should I put length including ivt.bin ( length of the full
u-boot=> fatload mmc 1:1 0x40480000 Image-imx8mmevk_signed.bin
23555936 bytes read in 275 ms (81.7 MiB/s)
u-boot=> hab_auth_img 0x40480000 0x1676000 0x41AF6000
hab fuse not enabled
Authenticate image from DDR location 0x40480000...
bad magic magic=0x0 length=0x00 version=0x0
bad length magic=0x0 length=0x00 version=0x0
bad version magic=0x0 length=0x00 version=0x0
Error: Invalid IVT structure
Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
I tried also with
u-boot=> hab_auth_img 0x40480000 0x1676F60 0x41AF6000 ( 0x1676F60 is the full file size including ivt part ).
But I got same error
Please see also attachments