FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

I am seeng HAB event occurring when I authenticate Kernel image using HABv4

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I am seeng HAB event occurring when I authenticate Kernel image using HABv4

‎09-15-2023 01:20 PM
547 Views
JasonC007
Contributor I

I create Kernel image and tested using hab_auth_img command as described below.
I am basically following the documentation mx6_mx7_secure_boot.txt and csf_additional_images.txt.
But I see a HAB event.

If someone can find what I did it wrong, please advise me.

The authenticate data section of my csf file is as below.
[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x48200000 0x00000000 0x007b2000 "kernel_pad.bin"

And this kernel_pad.bin is created as below.
$ objcopy -I binary -O binary --pad-to 0x7b2000 --gap-fill=0x00 kernel.itb kernel_pad.bin

And this kernel.itb is created as below.
$ mkimage -f auto -A arm64 -O linux -T kernel -C gzip -n "My Kernel" -a 0x40200000 -e 0x40200000 -d ./Image.gz ./kernel.itb

Final Kernel image bootm uses is Kernel_signed.bin
And Kernel_signed.bin is created as follow.
$ cat Kernel_pad_ivt.bin csf_kernel.bin > Kernel_signed.bin

And Kernel_pad_ivt.bin is created as follow.
$ cat kernel_pad.bin ivt.bin > Kernel_pad_ivt.bin

And ivt.bin is created as below.
echo "0xd1002041 0x00002048 0x00000000 0x00000000 0x00000000 0x00209b48 0x20209b48 0x00000000" | xxd -r -p > ivt.bin

And I run hab_auth_img command from uboot and I saw this messages.

u-boot=> hab_auth_img 0x48200000 0x489b2000 0x7b2000

Authenticate image from DDR location 0x48200000...

ivt_offset = 0x7b2000, ivt addr = 0x489b2000
ivt entry = 0x48200000, dcd = 0x00000000, csf = 0x489b2020
Dumping IVT
489b2000: 412000d1 48200000 00000000 00000000  .. A.. H........
489b2010: 00000000 489b2000 489b2020 00000000  ..... .H  .H....
Dumping CSF Header
489b2020: 425000d4 000c00be 00001703 50000000  ..PB...........P
489b2030: 020c00be 01000009 64020000 000c00ca  ...........d....
489b2040: 001dc501 10100000 000c00be 02000009  ................
489b2050: b8070000 001400ca 001dc502 0c0d0000  ................

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!


Calling authenticate_image in ROM
        ivt_offset = 0x7b2000
        start = 0x48200000
        bytes = 0x489b2000

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x48 0x9b 0x20 0x00
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

u-boot=>

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0 Kudos
Reply
2 Replies

‎09-17-2023 09:00 PM
446 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @JasonC007 

It seems the length of authenticate data for ivt missed and Kernel_pad_ivt.bin should be authenticated instead.

  Blocks = 0x48200000 0x00000000 0x007b2000 "kernel_pad.bin"

 

Best regards

Harvey

0 Kudos
Reply

‎09-19-2023 10:27 AM
420 Views
JasonC007
Contributor I

Thanks!

Tested as recommended and the HAB event has gone!

0 Kudos
Reply