Hi, I am trying to implement secure boot in my imx6sxsabresd board. I had successfully signed the u-boot and have managed to boot it without getting any HAB_EVENTS. Furthermore, I have also blown the SEC_CONFIG[1] fuse bit using the command fuse prog 0 6 0x2. When I boot my system from my SD card, i encounter 2 problems:
1) The reset SW3 which is used to reboot the system is not very responsive: I need to press it several times (3-4 times) before it reboots. This was not the case before I blew the SEC_CONFIG[1] fuse bit.
2) The boot process continues until the line "Waiting for root device /dev/mmcblk0p2" where it stops indefinitely. I am new to secure boot and am still learning the ropes. Therefore, I am not sure if i would have to sign the kernel and the rootfs in order to see a successful secure boot.
Attached file has the output of the boot process that is giving me problems. Any help is greatly appreciated.
Regards,
Dheeraj
Hi,
I have exactly the same behavior with my i.MX6 Solo X.
since I have "closed" device and burned the fuses, I have to reset it 3-6 times for booting...
The U-boot is flashed, signed and I had no HAB events. But it does not boot reliable... I do nothing with kernel and rootfs so far... But, of course I've planed to sign the kernel as well.
But, first I have to fix this issue...
I've also "closed" a i.MX6 board, this one works fine. But the i.MX6 Solo X does not...
thanks guys
I think the solution to this is to add the following to your CSF description. I had the same issue and this solved it for me.
[Unlock] Engine = CAAM Features = RNG
Hello,
The problem does not look as HAB related. It is not mandatory to sign kernel and rootfs.
Have You checked SD card? Tried other? Was the memory test performed recent times ?
Have a great day,
Yuri
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi Yuri,
I have conducted memory tests on my sd card and even tried an other sd card. Unfortunately, the same error shows up. I am not exactly sure as to why this error is happening. Sometimes my output also becomes like this (gets stuck at "mxc_asrc 2034000.asrc: mxc_asrc registered"):
U-Boot 2017.07 (Feb 26 2018 - 17:28:06 +0800)
CPU: Freescale i.MX6SX rev1.2 996 MHz (running at 792 MHz)
CPU: Extended Commercial temperature grade (-20C to 105C) at 44C
Reset cause: POR
Board: MX6SX SABRE SDB
I2C: ready
DRAM: 1 GiB
PMIC: PFUZE100 ID=0x11
MMC: FSL_SDHC: 0, FSL_SDHC: 1, FSL_SDHC: 2
*** Warning - bad CRC, using default environment
PCI: pcie phy link never came up
Video: In: serial
Out: serial
Err: serial
Net: FEC [PRIME]
Hit any key to stop autoboot: 0
switch to partitions #0, OK
mmc2 is current device
switch to partitions #0, OK
mmc2 is current device
reading boot.scr
** Unable to read file boot.scr **
reading zImage
5545496 bytes read in 273 ms (19.4 MiB/s)
Booting from mmc ...
reading imx6sx-sdb.dtb
48951 bytes read in 19 ms (2.5 MiB/s)
Kernel image @ 0x82000000 [ 0x000000 - 0x549e18 ]
## Flattened Device Tree blob at 88000000
Booting using the fdt blob at 0x88000000
Using Device Tree in place at 88000000, end 8800ef36
Starting kernel ...
Booting Linux on physical CPU 0x0
Linux version 3.10.53-1.1.0_ga+g496fbe0 (dheeraj@dheeraj-HP-EliteBook-840-G1) (gcc version 4.8.2 (GCC) ) #1 SMP PREEMPT Wed Feb 14 18:29:26 +08 2018
CPU: ARMv7 Processor [412fc09a] revision 10 (ARMv7), cr=10c53c7d
CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
Machine: Freescale i.MX6 SoloX (Device Tree), model: Freescale i.MX6 SoloX SDB Board
cma: CMA: reserved 320 MiB at ac000000
Memory policy: ECC disabled, Data cache writealloc
PERCPU: Embedded 8 pages/cpu @81598000 s8960 r8192 d15616 u32768
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 260096
Kernel command line: console=ttymxc0,115200 root=/dev/mmcblk0p2 rootwait rw
PID hash table entries: 4096 (order: 2, 16384 bytes)
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 1024MB = 1024MB total
Memory: 697256k/697256k available, 351320k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
vmalloc : 0xc0800000 - 0xff000000 (1000 MB)
lowmem : 0x80000000 - 0xc0000000 (1024 MB)
pkmap : 0x7fe00000 - 0x80000000 ( 2 MB)
modules : 0x7f000000 - 0x7fe00000 ( 14 MB)
.text : 0x80008000 - 0x80c71754 (12710 kB)
.init : 0x80c72000 - 0x80cbe300 ( 305 kB)
.data : 0x80cc0000 - 0x80d178c0 ( 351 kB)
.bss : 0x80d178c0 - 0x80d809ac ( 421 kB)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Preemptible hierarchical RCU implementation.
RCU restricting CPUs from NR_CPUS=4 to nr_cpu_ids=1.
NR_IRQS:16 nr_irqs:16 16
L310 cache controller enabled
l2x0: 16 ways, CACHE_ID 0x410000c8, AUX_CTRL 0x32430000, Cache size: 262144 B
sched_clock: 32 bits at 3000kHz, resolution 333ns, wraps every 1431655ms
Console: colour dummy device 80x30
Calibrating delay loop... 1581.05 BogoMIPS (lpj=7905280)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
Setting up static identity map for 0x80685698 - 0x806856f0
Brought up 1 CPUs
SMP: Total of 1 processors activated (1581.05 BogoMIPS).
CPU: All CPU(s) started in SVC mode.
devtmpfs: initialized
pinctrl core: initialized pinctrl subsystem
regulator-dummy: no parameters
NET: Registered protocol family 16
DMA: preallocated 256 KiB pool for atomic coherent allocations
Use WDOG1 as reset source
syscon 20c8000.anatop: regmap [mem 0x020c8000-0x020c8fff] registered
vdd1p1: 800 <--> 1375 mV at 1125 mV
vdd3p0: 2800 <--> 3150 mV at 3000 mV
vdd2p5: 2100 <--> 2875 mV at 2525 mV
cpu: 725 <--> 1450 mV at 1150 mV
vddpcie: 725 <--> 1450 mV at 1100 mV
vddsoc: 725 <--> 1450 mV at 1175 mV
syscon 20e4000.iomuxc-gpr: regmap [mem 0x020e4000-0x020e7fff] registered
syscon 21bc000.ocotp-ctrl: regmap [mem 0x021bc000-0x021bffff] registered
syscon 21ac000.romcp: regmap [mem 0x021ac000-0x021affff] registered
syscon 2294000.mu: regmap [mem 0x02294000-0x02297fff] registered
hw-breakpoint: found 5 (+1 reserved) breakpoint and 1 watchpoint registers.
hw-breakpoint: maximum watchpoint size is 4 bytes.
imx6sx-pinctrl 20e0000.iomuxc: initialized IMX pinctrl driver
bio: create slab <bio-0> at 0
mxs-dma 1804000.dma-apbh: initialized
VCC_SD3: 3000 mV
vref-3v3: 3300 mV
PSU-5V0: 5000 mV
usb_otg1_vbus: 5000 mV
usb_otg2_vbus: 5000 mV
i2c-core: driver [max17135] using legacy suspend method
i2c-core: driver [max17135] using legacy resume method
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
i2c i2c-0: IMX I2C adapter registered
i2c i2c-1: IMX I2C adapter registered
i2c i2c-2: IMX I2C adapter registered
i2c i2c-3: IMX I2C adapter registered
Linux video capture interface: v2.00
pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
PTP clock support registered
MIPI CSI2 driver module loaded
Advanced Linux Sound Architecture Driver Initialized.
Bluetooth: Core ver 2.16
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP socket layer initialized
Bluetooth: SCO socket layer initialized
cfg80211: Calling CRDA to update world regulatory domain
disp-regulator: no parameters
pureg-dummy: no parameters
Switching to clocksource mxc_timer1
NET: Registered protocol family 2
TCP established hash table entries: 8192 (order: 4, 65536 bytes)
TCP bind hash table entries: 8192 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 8192 bind 8192)
TCP: reno registered
UDP hash table entries: 512 (order: 2, 16384 bytes)
UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
hw perfevents: enabled with ARMv7 Cortex-A9 PMU driver, 7 counters available
Bus freq driver module loaded
futex hash table entries: 256 (order: 2, 16384 bytes)
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
NFS: Registering the id_resolver key type
Key type id_resolver registered
Key type id_legacy registered
jffs2: version 2.2. (NAND) � 2001-2006 Red Hat, Inc.
fuse init (API version 7.22)
msgmni has been set to 2001
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
MIPI DSI driver module loaded
mxsfb 2224000.lcdif: registered mxc display driver ldb
Console: switching to colour frame buffer device 128x48
mxsfb 2224000.lcdif: initialized
imx-sdma 20ec000.sdma: no iram assigned, using external mem
imx-sdma 20ec000.sdma: no event needs to be remapped
imx-sdma 20ec000.sdma: initialized
imx-sdma 20ec000.sdma: loaded firmware 1.1
pfuze100-regulator 0-0008: Full lay: 2, Metal lay: 1
pfuze100-regulator 0-0008: FAB: 0, FIN: 0
pfuze100-regulator 0-0008: pfuze200 found.
SW1AB: 300 <--> 1875 mV at 1375 mV
SW2: 800 <--> 3300 mV at 3300 mV
SW3A: 400 <--> 1975 mV at 1350 mV
SW3B: 400 <--> 1975 mV at 1350 mV
SWBST: 5000 <--> 5150 mV at 5000 mV
VSNVS: 1000 <--> 3000 mV at 3000 mV
VREFDDR: 750 mV
VGEN1: 800 <--> 1550 mV at 1200 mV
VGEN2: 800 <--> 1550 mV at 1500 mV
VGEN3: 1800 <--> 3300 mV at 2800 mV
VGEN4: 1800 <--> 3300 mV at 1800 mV
VGEN5: 1800 <--> 3300 mV at 3300 mV
VGEN6: 1800 <--> 3300 mV at 3000 mV
Serial: IMX driver
2020000.serial: ttymxc0 at MMIO 0x2020000 (irq = 58) is a IMX
console [ttymxc0] enabled
21e8000.serial: ttymxc1 at MMIO 0x21e8000 (irq = 59) is a IMX
21f4000.serial: ttymxc4 at MMIO 0x21f4000 (irq = 62) is a IMX
serial: Freescale lpuart driver
imx sema4 driver is registered.
[drm] Initialized drm 1.1.0 20060810
[drm] Initialized vivante 1.0.0 20120216 on minor 0
brd: module loaded
loop: module loaded
fsl-quadspi 21e4000.qspi: n25q256a (32768 Kbytes)
fsl-quadspi 21e4000.qspi: n25q256a (32768 Kbytes)
fsl-quadspi 21e4000.qspi: QuadSPI SPI NOR flash driver
CAN device driver interface
flexcan 2090000.can: device registered (reg_base=c09b8000, irq=142)
flexcan 2094000.can: device registered (reg_base=c09c0000, irq=143)
libphy: fec_enet_mii_bus: probed
fec 2188000.ethernet eth0: registered PHC device 0
fec 21b4000.ethernet eth1: registered PHC device 1
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
usbcore: registered new interface driver usb-storage
imx_usb 2184000.usb: VBUS is coming from a dedicated power supply.
imx_usb 2184000.usb: Error occurs during detection: -6
ci_hdrc ci_hdrc.1: EHCI Host Controller
ci_hdrc ci_hdrc.1: new USB bus registered, assigned bus number 1
ci_hdrc ci_hdrc.1: USB 2.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
mousedev: PS/2 mouse device common for all mice
input: 20cc000.snvs-pwrkey as /devices/soc0/soc.1/2000000.aips-bus/20cc000.snvs-pwrkey/input/input0
snvs_pwrkey 20cc000.snvs-pwrkey: i.MX snvs powerkey probed
egalax_ts 1-0004: Failed to read firmware version
egalax_ts: probe of 1-0004 failed with error -5
input: isl29023 light sensor as /devices/virtual/input/input1
isl29023 2-0044: driver version 1.0 enabled
i2c-core: driver [isl29023] using legacy suspend method
i2c-core: driver [isl29023] using legacy resume method
snvs_rtc 20cc034.snvs-rtc-lp: rtc core: registered 20cc034.snvs-rtc-lp as rtc0
i2c /dev entries driver
pxp-v4l2 pxp_v4l2_out.19: initialized
mag3110 2-000e: check mag3110 chip ID
input: mag3110 as /devices/virtual/input/input2
mag3110 2-000e: mag3110 is probed
i2c-core: driver [mag3110] using legacy suspend method
i2c-core: driver [mag3110] using legacy resume method
input: mma845x as /devices/virtual/input/input3
imx2-wdt 20bc000.wdog: IMX2+ Watchdog Timer enabled. timeout=60s (nowayout=0)
Bluetooth: HCI UART driver ver 2.2
Bluetooth: HCI H4 protocol initialized
Bluetooth: HCI BCSP protocol initialized
Bluetooth: HCIATH3K protocol initialized
usbcore: registered new interface driver bcm203x
usbcore: registered new interface driver btusb
Bluetooth: Generic Bluetooth SDIO driver ver 0.1
usbcore: registered new interface driver ath3k
cpuidle: using governor ladder
cpuidle: using governor menu
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
sdhci-pltfm: SDHCI platform and OF driver helper
mmc1: no vqmmc regulator found
mmc1: no vmmc regulator found
mmc1: SDHCI controller on 2194000.usdhc [2194000.usdhc] using ADMA
mmc2: no vqmmc regulator found
mmc2: SDHCI controller on 2198000.usdhc [2198000.usdhc] using ADMA
sdhci-esdhc-imx 219c000.usdhc: could not get ultra high speed state, work on normal mode
mmc3: no vqmmc regulator found
mmc3: no vmmc regulator found
mmc3: SDHCI controller on 219c000.usdhc [219c000.usdhc] using ADMA
galcore: clk_get 2d core clock failed, disable 2d/vg!
Galcore version 5.0.11.25762
mmc3: new high speed SDHC card at address aaaa
mmcblk3: mmc3:aaaa SL08G 7.40 GiB
mmcblk3: p1 p2
mxc_asrc 2034000.asrc: mxc_asrc registered
Hello,
Can You get the system working without signed image, using non signed U-boot ?
Regards,
Yuri.
Hi Yuri,
Thank you. I managed to solve the issue: mmcroot should be /dev/mmcblk3p2 in order for it to detect the rootfs.
Regards,
Dheeraj