I work on a board derived from the imx8mm-evk board.
I try to setup secure boot on the device. I follow instruction found here mx8m_mx8mm_secure_boot.txt\guides\habv4\imx\doc - uboot-imx - i.MX U-Boot
So here is the steps:
- Configure UBOOT with CONFIG_SECURE_BOOT=y
- with yocto add in imx-boot recipes print_hab_status command
- generate image and retrieve the flash image imx-boot*.bin-flah_evk
- generate certificates using Code Signing Tool and SRK hash
- using script habv4_pki_tree and srktool
- Create CSF files for SPL and FIT and generate binaries to insert into signed image
- using cst binary
- Assemble final image with SPL and FIT
- using dd
- Flash the board using UUU
- uuu -b emmc_all imx-boot-signed.bin image-rootfs.sdcard.bz2
I check that nothing happens with hab_status
I fuse SRK hash and close device.
Device continue to boot and works. Very happy at this point.
I try to flash again with UUU the same image just to verify that everything is ok.
And now, I have the following issue:
Authenticate image from DDR location 0x40480000...
bad magic magic=0xa4 length=0x81 version=0x0
bad length magic=0xa4 length=0x81 version=0x0
bad version magic=0xa4 length=0x81 version=0x0
Error: Invalid IVT structure
Allowed IVT structure:
IVT HDR = 0x4X2000D1
IVT ENTRY = 0xXXXXXXXX
IVT RSV1 = 0x0
IVT DCD = 0x0
IVT BOOT_DATA = 0xXXXXXXXX
IVT SELF = 0xXXXXXXXX
IVT CSF = 0xXXXXXXXX
IVT RSV2 = 0x0
Authenticate Image Fail, Please check
I try hab_status, and nothing
Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!
If I understand correctly the system, the bootloader is authenticated, but image not. But I never signed the image.
Any help is welcome.