AnsweredAssumed Answered

Own certificates as input for hab4_srk_tool

Question asked by Marc Immel on May 13, 2020
Latest reply on May 13, 2020 by Yuri Muhin

Hello,

I have own certificates and private keys  (3072 bit size) from an external PKI and want to use them for signing my image running on an im6ull with hab4 (fast authentication). So I'm omitting the step of creating the pki tree with hab4_pki_tree.sh and giving the certificates as input for the hab4_srk_tool. The tool runs through and creates the srk table and fuse values. But after burning the fuses accordingly and booting u-boot which is signed with the first srk, I get hab events as follows. Is there any special magic the hab4_pki_tree.sh tool does? Any special requirements to the certificates and keys that are used as input for creating the srk table?

 

I added one of my sample certificates as a reference.

 

 

Authenticate image from DDR location 0x84000000... Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 --------- HAB Event 1 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x90 0x74 0x00 0x00 0x00 0x00 0x20 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 2 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x90 0x74 0x20 0x00 0x00 0x00 0x01 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 3 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x00 0x90 0x80 0x00 0x00 0x00 0x00 0x04 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 4 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x18 0xc0 0x00 0xca 0x00 0x0c 0x00 0x01 0xc5 0x1b 0x00 0x00 0x00 0x08 0xe4 STS = HAB_FAILURE (0x33) RSN = HAB_INV_SIGNATURE (0x18) CTX = HAB_CTX_COMMAND (0xC0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 5 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x84 0x91 0xc0 0x00 0x00 0x00 0x00 0x20 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 6 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x84 0x00 0x10 0x00 0x00 0x00 0x00 0x04 STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00) --------- HAB Event 7 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x1d 0xc0 0x00 0xbe 0x00 0x0c 0x02 0x09 0x00 0x00 0x01 0x00 0x00 0x04 0x90 STS = HAB_FAILURE (0x33) RSN = HAB_INV_KEY (0x1D) CTX = HAB_CTX_COMMAND (0xC0) ENG = HAB_ENG_ANY (0x00)

Attachments

Outcomes