Hello,
I'm trying to authenticate and encrypt my kernel image with HABv4. I'm working on a customer's imx6 platform with U-Boot 2005.10. U-Boot is signed, I have no HAB events and my board is closed.
Now I want to load and decrypt a kernel image.
For this I generated a CSF file as follows:
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "/done/crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
File = "/done/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Key to install
Target index = 2
File = "/done/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
Blocks = 0x1255b000 0x0055b000 0x20 "zImage_fsl_3.10.17_ivt"
[Install Secret Key]
Verification index = 0
Target index = 0
Key = "./dek.bin"
Key Length = 128
Blob address = 0x0055d000
[Decrypt Data]
Verification index = 0
Mac Bytes = 16
Blocks = 0x12000000 0x0 0x0055b000 "zImage_fsl_3.10.17_ivt"
I generate a signature of zImage_fsl_3.10.17 with
./cst --o zImage_fsl_3.10.17_sig --i zImage_fsl_3.10.17_ivt.csf
I pad the zImage to the size of 0x55b000, append the signature after that and pad to 0x55d000.
I blob the generated dek.bin in U-Boot on the target with these commands:
ext2load mmc 1:1 0x18000000 dek.bin
dek_blob 0x18000000 0x18001000 128
ext4write mmc 1:1 0x18001000 /dek_blob.bin 0x48
Then I append the dek_blob.bin to the image at offset 0x55d000.
When I load the image into RAM in U-Boot I have the following IVT:
=> md.b 0x1255b000
1255b000: d1 00 20 41 00 00 00 12 00 00 00 00 00 00 00 00 .. A............
1255b010: 00 00 00 00 00 b0 55 12 20 b0 55 12 00 00 00 00 ......U. .U.....
The signature starts here:
1255b020: d4 00 70 41 be 00 0c 00 03 17 00 00 00 00 00 70 ..pA...........p
1255b030: be 00 0c 02 09 00 00 01 00 00 08 b0 ca 00 0c 00 ................
The dek_blob.bin is in RAM at
=> md.b 0x1255d000
1255d000: 81 00 48 41 66 55 10 00 91 64 60 d4 54 19 16 33 ..HAfU...d`.T..3
1255d010: 58 d0 d4 cb 7b 2e 7e 57 47 80 ff 96 64 e8 7b 3a X...{.~WG...d.{:
1255d020: 94 ec e0 e9 75 ca 3e a0 ba db 2a 76 1c f1 e1 f3 ....u.>...*v....
1255d030: bf 2a 76 dc 85 a9 a3 0b 59 57 13 ec 5d 62 cb 08 .*v.....YW..]b..
But when I try to authenticate the image...
=> hab_auth_img 0x12000000 0x55b000
Authenticate image from DDR location 0x12000000...
...it hangs here and reboots 128s later through the watchdog.
What am I doing wrong?
Ok, don't say anything... next time I will tell it to my dog and then I'll know the answer too...
Blob_Address is wrong...
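
A pre-flight check for the layout described in this thread, added here as an example (not the poster's code or NXP's tooling): it decodes the IVT bytes from the md.b dump and compares the CSF "Blob address" with where the DEK blob sits in RAM. It assumes that "Blob address" is the absolute address of the blob at authentication time; the function and constant names are hypothetical, and the byte strings are constructed from the values posted above.

```python
import struct

# Constructed from the md.b output and CSF values posted above.
IVT_RAW = bytes.fromhex(
    "d1002041 00000012 00000000 00000000"
    "00000000 00b05512 20b05512 00000000")
DEK_BLOB_HDR = bytes.fromhex("81004841")
LOAD_ADDR = 0x12000000         # first argument of hab_auth_img
IVT_OFFSET = 0x55B000          # second argument of hab_auth_img
BLOB_FILE_OFFSET = 0x55D000    # where dek_blob.bin was appended
CSF_BLOB_ADDRESS = 0x0055D000  # "Blob address" in [Install Secret Key]


def hab_header(raw):
    """HAB header: 1-byte tag, 2-byte big-endian length, 1-byte version."""
    return struct.unpack_from(">BHB", raw, 0)


def parse_ivt(raw):
    tag, length, _version = hab_header(raw)
    if tag != 0xD1 or length != 0x20 or len(raw) < length:
        raise ValueError("not an IVT")
    names = ("entry", "reserved1", "dcd", "boot_data", "self", "csf", "reserved2")
    # The seven pointers after the header are little-endian 32-bit words.
    return dict(zip(names, struct.unpack_from("<7I", raw, 4)))


def check_layout(ivt, load_addr, ivt_offset, blob_offset, csf_blob_address):
    """Return a list of findings; an empty list means the addresses agree."""
    findings = []
    if ivt["self"] != load_addr + ivt_offset:
        findings.append("IVT self pointer 0x%08x != load address + IVT offset"
                        % ivt["self"])
    if not ivt["self"] < ivt["csf"] < load_addr + blob_offset:
        findings.append("CSF pointer is not between the IVT and the DEK blob")
    expected = load_addr + blob_offset   # assumed: absolute RAM address of the blob
    if csf_blob_address != expected:
        findings.append("Blob address 0x%08x does not match RAM location 0x%08x"
                        % (csf_blob_address, expected))
    return findings


if __name__ == "__main__":
    ivt = parse_ivt(IVT_RAW)
    print({k: hex(v) for k, v in ivt.items()})
    print("blob header (tag, len, ver):", [hex(x) for x in hab_header(DEK_BLOB_HDR)])
    for f in check_layout(ivt, LOAD_ADDR, IVT_OFFSET, BLOB_FILE_OFFSET, CSF_BLOB_ADDRESS):
        print("FINDING:", f)
```

With the values from the post, the only finding is the Blob address: 0x0055d000 is the file offset of the blob, while the dump shows it in RAM at 0x1255d000.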