HAB Integration Difficulties

显示  仅  | 搜索替代 

HAB Integration Difficulties

6,132 次查看
Contributor IV


I was wondering if someone could help me out with getting the secure bootloader working. Once everything gets placed and placed onto the device using the Windows manufacturing tool, I get the following from the console window at boot:

U-Boot 2009.08-00030-g9752205-dirty (Jun 09 2015 - 10:33:32)

U-Boot code: 278006E0 -> 27835200  BSS: -> 2786FE68

CPU: Freescale i.MX6 family TO1.2 at 792 MHz

Thermal sensor with ratio = 178

Temperature:   30 C, calibration data 0x5694d869

mx6q pll1: 792MHz

mx6q pll2: 528MHz

mx6q pll3: 480MHz

mx6q pll8: 50MHz

ipg clock     : 66000000Hz

ipg per clock : 66000000Hz

uart clock    : 80000000Hz

cspi clock    : 60000000Hz

ahb clock     : 132000000Hz

axi clock   : 264000000Hz

emi_slow clock: 132000000Hz

ddr clock     : 528000000Hz

usdhc1 clock  : 198000000Hz

usdhc2 clock  : 198000000Hz

usdhc3 clock  : 198000000Hz

usdhc4 clock  : 198000000Hz

nfc clock     : 24000000Hz

Board: i.MX6Q-SABREAUTO: unknown-board Board: 0x63012 [POR ]

Boot Device: MMC

RAM Configuration:

Bank #0: 10000000  1 GB


*** Warning - bad CRC or MMC, using default environment

In:    serial

Out:   serial

Err:   serial

HAB Configuration: 0xf0, HAB State: 0x66

No HAB Events Found!

Net:   got MAC address from IIM:


### main_loop entered: bootdelay=3

### main_loop: bootcmd="booti mmc1"

Hit any key to stop autoboot:  0

kernel   @ 10808000 (4435532)

ramdisk  @ 11800000 (235409)

Authenticate uImage from DDR location 0x10808000...

ivt_offset = 0x1030000, ivt addr = 0x11838000

Dumping IVT

0xb4253805 0x6845bc02 0xb42eb805 0xa10cfc02

0x0be7e015 0x54bf00ad 0x35f80568 0x6fc02b42

Dumping CSF Header

0xb9811e16 0x1b5cd89b 0x15a11efc 0xad0a8fe0

0x884e7f00 0x42abf804 0x11dfc024 0x99fe0122

0xeff00910 0xff804884 0x1c02442a 0xde012213

0xe6039843 0x0ee6c59e 0x216f7822 0x0a47e012

HAB Configuration: 0xf0, HAB State: 0x66

No HAB Events Found!

Calling authenticate_image in ROM

        ivt_offset = 0x1030000

        start = 0x10808000

        bytes = 0x1032020

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------

event data:

        0xdb 0x00 0x08 0x41 0x33 0x05 0x0a 0x00

Authentication Failed

So, I get a HAB_INV_INT error, which I guess means something in the IVT isn't configured correctly.  From the csf_u-boot.txt file I have

[Authenticate Data]

Verification index = 2

Blocks = 0x27800400 0x400 0x32c00 "/home/mrobbeloth/projects/quad_src_main_4.3/myandroid/out/target/product/ar6mx/u-boot-6q-pad.bin"

I use a shell script with sed to update the Blocks line based on how the bootloader build changes.

I am open to any suggestions on how to troubleshoot and correct the HAB event.

Michael Robbeloth

标签 (3)
标记 (3)
0 项奖励
25 回复数

677 次查看
Contributor III

Sorry, I didn't saw this comment.

i just looked at the patch and it looks correct.

0 项奖励

677 次查看
Contributor IV


Is there a way I can this issue escalated to get it resolved. I am really disappointed by how complex this process is to get working. It's almost getting to a point where it is hard from a business standpoint to continue to work on this verses the payback expected in terms of additional sales by implementing this capability.

Michael Robbeloth

0 项奖励

677 次查看
Contributor III
0 项奖励

677 次查看
Contributor IV

Okay, so I'm still struggling with this particular issue. I did notice that once the bootloader is loaded into memory that everything is where I expect it to be except for the IVT. It's not at 0x27800400 or 0x27800000(all 0x00 filler) or right before the CSF at 0x27833000 (there's 0xff filler) even though the IVT is in the binary itself at 0x400 offset from the beginning as expected. So where is the IVT once the bootloader loads, but before any boot commands execute?

Michael Robbeloth

0 项奖励

677 次查看
Contributor III

I haven't done secure boot with uboot 2009. But I know that there  are some tweaks to be made to the linker script for the ROM to copy the right amount of data.  Do you need to use that uboot version or can you upgrade to the latest uboot? The latest uboot does everything for you.

Also, if you repackaging boot.img you need to regenerate the signature running cst again. Since the digital signatures are really hashes then any modifications to the binary would invalidate the signature.

0 项奖励