FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to check hab_status on u-boot

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to check hab_status on u-boot

‎04-23-2024 01:50 AM
245 Views
yumy
Contributor I

Hi,

我現在正在IMX8MQ EVK上開發Secure boot

首先在imx8mq_evk_defconfig確認CONFIG_SECURE_BOOT、CONFIG_IMX_HAB都已開啟

在u-boot menuconfig裡HAB功能也已開啟

但將u-boot.bin燒錄到imx8mq-evk,進入u-boot確認hab_status,卻顯示沒這個命令

u-boot=> hab_status
Unknown command 'hab_status' - try 'help'

請問開啟HAB的步驟有缺少嗎?

以及要如何使用hab_status呢?

謝謝

0 Kudos
Reply
3 Replies

‎04-23-2024 07:59 PM
206 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

新的bsp,只需要配置CONFIG_IMX_HAB就可以了。在运行make之前,你看下.config里是否已经有了配置项CONFIG_IMX_HAB=y.

 

Regards

Harvey

0 Kudos
Reply

‎04-24-2024 01:51 AM
186 Views
yumy
Contributor I

Hi,

我成功啟用了hab_status功能,但發現有以下HAB event出現

u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x44 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x0b 0x40 0x00 0x7e 0x0f 0xc0
0x00 0x03 0xa4 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x44 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xbd 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x44 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xad 0xc0
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x44 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xc0
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x44 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x0f 0xe0
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 6 -----------------
event data:
0xdb 0x00 0x14 0x44 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x00 0x7e 0x10 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 7 -----------------
event data:
0xdb 0x00 0x3c 0x44 0x33 0x18 0xc0 0x00
0xca 0x00 0x34 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x0b 0x58 0x40 0x1f 0xad 0xc0
0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
0x00 0x10 0xec 0x90 0x40 0x30 0xec 0x90
0x00 0x00 0xdf 0x60 0x00 0x91 0x00 0x00
0x00 0x00 0xa0 0xe0 0xfe 0x00 0x00 0x00
0x00 0x08 0xa3 0x50

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

 請問是哪裡可能出問題?是因為我還沒將SRK_1_2_3_4_fuse.bin的資料燒錄到開發板嗎?

也想請問關於燒錄到fuse的正確地址需去哪裡查閱,我使用的開發板為IMX8MQ-EVK

以下是有關SRK_1_2_3_4_fuse.bin的資料

$ hexdump -e '/4 "0x"' -e '/4 "%X""\n"' < SRK_1_2_3_4_fuse.bin
0x2A3665AB
0xE454DD02
0x93E2161F
0x40A86A4E
0xD00A3CC
0xC8AF8196
0x584C92BD
0x6A8A8D5F

 謝謝

0 Kudos
Reply

‎04-24-2024 02:17 AM
184 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

从第一个event来看的,是签名错误。 没有烧写SRK FUSE hash值在不同hab版本是会出现报错。

烧写SRK fuse的地址可以参考mx8m_secure_boot.txt  这个链接可以作为签名参考使用。

 

Regards

Harvey

0 Kudos
Reply