I am working on a system based on i.MX8M Mini, Yocto kirkstone, U-Boot v2021.04. It is derived from the imx8mm-evk machine (in U-Boot v2021.04, the imx8mm-evk-qca-wifi machine).
I'm using meta-freescale branch kirkstone commit 2e785f257a, which in the imx-boot recipe uses imx-mkimage branch lf-5.15.5_1.0.0 commit 22346a32a8.
I have a complete working system, but I want to enable secure boot for U-Boot etc.
I've been following the instructions in the document doc/imx/habv4/guides/mx8m_secure_boot.txt in the U-Boot v2021.04 source code. As described in my other post i.MX8M Mini secure boot Yocto bbappend, I'm trying to use Yocto to build it.
I've reached the step 1.8 "Verifying HAB events". I do the hab_status command, but I get HAB errors:
U-Boot SPL 2021.04-imx_v2021.04_5.15.5-1.0.0+gf7b43f8b4c (Mar 01 2022 - 07:31:56 +0000)
power_bd71837_init
DDRINFO: start DRAM init
DDRINFO: DRAM rate 3000MTS
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
SEC0: RNG instantiated
Normal Boot
Trying to boot from MMC2
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
NOTICE: BL31: v2.4(release):lf-5.15.5-1.0.0-0-g05f788b9b-dirty
NOTICE: BL31: Built : 05:49:10, Mar 2 2022
U-Boot 2021.04-imx_v2021.04_5.15.5-1.0.0+gf7b43f8b4c (Mar 01 2022 - 07:31:56 +0000)
CPU: i.MX8MMQ rev1.0 1600 MHz (running at 1200 MHz)
CPU: Industrial temperature grade (-40C to 105C) at 42C
Reset cause: POR
Model: ----
DRAM: 2 GiB
MMC: FSL_SDHC: 1, FSL_SDHC: 2
Loading Environment from MMC... *** Warning - bad CRC, using default environment
Fail to setup video link
In: serial
Out: serial
Err: serial
SEC0: RNG instantiated
BuildInfo:
- ATF 05f788b
flash target is MMC:2
Fastboot: Normal
Normal Boot
Autoboot in 3 seconds; press SPACE to abort
u-boot=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x43 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x3c 0x43 0x33 0x18 0xc0 0x00
0xca 0x00 0x34 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x0a 0x30 0x40 0x1f 0xcd 0xc0
0x00 0x00 0x10 0x20 0x40 0x20 0x00 0x00
0x00 0x0d 0x23 0x70 0x40 0x2d 0x23 0x70
0x00 0x00 0xa3 0xca 0x00 0x92 0x00 0x00
0x00 0x00 0xc0 0xc6 0xfe 0x00 0x00 0x00
0x00 0x00 0x00 0x10
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
u-boot=>
If I understand what I've read elsewhere, this indicates that it's expecting a data block to be signed which is not. If I'm reading the data right, there are two blocks:
I've got a csf_fit.txt which ends with the following:
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = \
0x401fcdc0 0x57c00 0x1020 "imx-boot-machine-sd.bin-flash_evk", \
0x40200000 0x5B000 0xD2370 "imx-boot-machine-sd.bin-flash_evk", \
0x402D2370 0x12D370 0xA3CA "imx-boot-machine-sd.bin-flash_evk", \
0x920000 0x13773C 0xC0C6 "imx-boot-machine-sd.bin-flash_evk", \
0xFE000000 0x143804 0x10 "imx-boot-machine-sd.bin-flash_evk"
Those blocks were derived from the mkimage output line sld hab block and print_fit_hab.sh as described in the above documentation.
So, what are these other blocks that the HAB seems to want to be signed too?
I found these other posts that are related, but don't answer my question:
Solved: HAB EVENT: HAB_INV_ASSERTION
How to get HAB Authenticate Data block address for i.MX 8M Mini in Yocto
已解决! 转到解答。
I've examined the above more closely, and found:
# Hack for padding of DTB
cp ${BOOT_STAGING}/${UBOOT_DTB_NAME} ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
scripts/pad_image.sh ${BOOT_STAGING}/u-boot-nodtb.bin ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
if ${DEPLOY_OPTEE}; then
export BL32=${BOOT_STAGING}/tee.bin
fi
FIT_HAB=$(VERSION=v1 \
BL31=${BOOT_STAGING}/bl31.bin \
BL33=${BOOT_STAGING}/u-boot-nodtb.bin \
ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
TEE_LOAD_ADDR=${TEE_LOAD_ADDR} \
${S}/iMX8M/print_fit_hab.sh \
0x60000 ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad)
0x40200000 0x5AC00 0xD2370
0x402D2370 0x12CF70 0xA3D0
0x920000 0x137340 0xC0D0
0xBE000000 0x143410 0x77EA0
After the above changes, when I boot it and do hab_status at the U-Boot command prompt, it says
No HAB Events Found!
So I guess that's a success.
1, The ENGINE that you use is "ENG = HAB_ENG_ANY (0x00)", You need to change it in your csf file with CAAM.
2, Please share the these files for further troubleshooting.
- ivt of spl, - ivt of fit, - csf of spl, - csf of fit, - full log of imx-mkiamge generated, - full log of pring_fit_hab generated.
Best regards
Harvey
- ivt of spl, - ivt of fit
Where do I find those?
- csf of spl
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
# Blocks = 0x7e0fc0 0x0 0x2e200 "git/imx-boot-tv4000-sd.bin-flash_evk"
Blocks = 0x7e0fc0 0x0 0x2e200 "imx-boot-tv4000-sd.bin-flash_evk"
- csf of fit
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = \
0x401fcdc0 0x57c00 0x1020 "imx-boot-tv4000-sd.bin-flash_evk", \
0x40200000 0x5B000 0xD2370 "imx-boot-tv4000-sd.bin-flash_evk", \
0x402D2370 0x12D370 0xA3CA "imx-boot-tv4000-sd.bin-flash_evk", \
0x920000 0x13773C 0xC0D0 "imx-boot-tv4000-sd.bin-flash_evk", \
0xFE000000 0x14380C 0x10 "imx-boot-tv4000-sd.bin-flash_evk"
- full log of imx-mkimage generated,
I'm using the Yocto imx-boot recipe, which has this in the build log temp/log.do_compile:
NOTE: building iMX8MM - flash_evk
26266+0 records in
26266+0 records out
105064 bytes (105 kB, 103 KiB) copied, 0.0474495 s, 2.2 MB/s
./../scripts/dtb_check.sh imx8mm-evk.dtb evk.dtb imx8mm-evk-qca-wifi.dtb
Use u-boot DTB: imx8mm-evk-qca-wifi.dtb
./../scripts/pad_image.sh tee.bin
tee.bin is padded to 491168
./../scripts/pad_image.sh bl31.bin
bl31.bin is padded to 49360
./../scripts/pad_image.sh u-boot-nodtb.bin evk.dtb
u-boot-nodtb.bin + evk.dtb are padded to 902976
DEK_BLOB_LOAD_ADDR=0x40400000 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 ./mkimage_fit_atf.sh evk.dtb > u-boot.its
bl31.bin size:
49360
Building with TEE support, make sure bl31.bin is compiled with spd. If you do not want tee, please delete tee.bin
tee.bin size:
491168
u-boot-nodtb.bin size:
861040
evk.dtb size:
41936
mkimage -E -p 0x3000 -f u-boot.its u-boot.itb
FIT description: Configuration to load ATF before U-Boot
Created: Wed Dec 15 16:24:03 2021
Image 0 (uboot-1)
Description: U-Boot (64-bit)
Created: Wed Dec 15 16:24:03 2021
Type: Standalone Program
Compression: uncompressed
Data Size: 861040 Bytes = 840.86 KiB = 0.82 MiB
Architecture: AArch64
Load Address: 0x40200000
Entry Point: unavailable
Image 1 (fdt-1)
Description: evk
Created: Wed Dec 15 16:24:03 2021
Type: Flat Device Tree
Compression: uncompressed
Data Size: 41936 Bytes = 40.95 KiB = 0.04 MiB
Architecture: Unknown Architecture
Image 2 (atf-1)
Description: ARM Trusted Firmware
Created: Wed Dec 15 16:24:03 2021
Type: Firmware
Compression: uncompressed
Data Size: 49360 Bytes = 48.20 KiB = 0.05 MiB
Architecture: AArch64
OS: ARM Trusted Firmware
Load Address: 0x00920000
Image 3 (tee-1)
Description: TEE firmware
Created: Wed Dec 15 16:24:03 2021
Type: Firmware
Compression: uncompressed
Data Size: 491168 Bytes = 479.66 KiB = 0.47 MiB
Architecture: AArch64
OS: Unknown OS
Load Address: 0xbe000000
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: evk
Kernel: unavailable
Firmware: uboot-1
FDT: fdt-1
Loadables: atf-1
tee-1
./mkimage_imx8 -version v1 -fit -loader u-boot-spl-ddr.bin 0x7E1000 -second_loader u-boot.itb 0x40200000 0x60000 -out flash.bin
Platform: i.MX8M (mScale)
ROM VERSION: v1
Using FIT image
LOADER IMAGE: u-boot-spl-ddr.bin start addr: 0x007e1000
SECOND LOADER IMAGE: u-boot.itb start addr: 0x40200000 offset: 0x00060000
Output: flash.bin
========= IVT HEADER [HDMI FW] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 0x0
header.length: 0x0
header.version: 0x0
entry: 0x0
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x0
self: 0x0
csf: 0x0
reserved2: 0x0
boot_data.start: 0x0
boot_data.size: 0x0
boot_data.plugin: 0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 0xd1
header.length: 0x2000
header.version: 0x41
entry: 0x7e1000
reserved1: 0x0
dcd_ptr: 0x0
boot_data_ptr: 0x7e0fe0
self: 0x7e0fc0
csf: 0x80f1c0
reserved2: 0x0
boot_data.start: 0x7e0bc0
boot_data.size: 0x30660
boot_data.plugin: 0x0
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2e200
spl hab block: 0x7e0fc0 0x0 0x2e200
Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020
- full log of pring_fit_hab generated
if ${DEPLOY_OPTEE}; then
export BL32=${DEPLOY_DIR_IMAGE}/tee.bin
fi
FIT_HAB=$(BL31=${BOOT_STAGING}/bl31.bin \
BL33=${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/u-boot-nodtb.bin-${MACHINE}-${UBOOT_CONFIG} \
ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
${S}/iMX8M/print_fit_hab.sh \
0x60000 ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${UBOOT_DTB_NAME})
0x40200000 0x5B000 0xD2370
0x402D2370 0x12D370 0xA3CA
0x920000 0x13773C 0xC0D0
0xFE000000 0x14380C 0x10
One bit I'm a little unsure of, is the padding of the various images done by pad_image.sh. I'm not sure why it's done. Perhaps when I call print_fit_hab.sh, I need to refer to the padded BL31, BL32, BL33 etc rather than the original ones.
I've examined the above more closely, and found:
# Hack for padding of DTB
cp ${BOOT_STAGING}/${UBOOT_DTB_NAME} ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
scripts/pad_image.sh ${BOOT_STAGING}/u-boot-nodtb.bin ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad
if ${DEPLOY_OPTEE}; then
export BL32=${BOOT_STAGING}/tee.bin
fi
FIT_HAB=$(VERSION=v1 \
BL31=${BOOT_STAGING}/bl31.bin \
BL33=${BOOT_STAGING}/u-boot-nodtb.bin \
ATF_LOAD_ADDR=${ATF_LOAD_ADDR} \
TEE_LOAD_ADDR=${TEE_LOAD_ADDR} \
${S}/iMX8M/print_fit_hab.sh \
0x60000 ${BOOT_STAGING}/${UBOOT_DTB_NAME}.pad)
0x40200000 0x5AC00 0xD2370
0x402D2370 0x12CF70 0xA3D0
0x920000 0x137340 0xC0D0
0xBE000000 0x143410 0x77EA0
After the above changes, when I boot it and do hab_status at the U-Boot command prompt, it says
No HAB Events Found!
So I guess that's a success.