I have a locked board which loads the SPL fine.
SPL can then call imx_hab_authenticate_image which also succeeds if image properly signed, and fails if not.
But then I noticed that I could NOT authenticate a signed kernel from u-boot. I went back to try to call imx_hab_authenticate_image again just like SPL does (same addresses, so in fact to authenticate u-boot from u-boot), but it fails.
Some observations:
- when debugging hab.c, in see in SPL it takes the paths of current_el() == 3 and in u-boot of current_el() != 3.
- hab_status in u-boot always reads HAB Configuration: 0x00, HAB State: 0x00.
- Some basic SMC calls return this
=> smc C2000007 00
Res: 0 0 0 0
=> smc C2000007 01
Res: 240 1 0 0
=> smc C2000007 02
Res: 240 2 0 0
=> smc C2000007 03
Res: 51 3 0 0
=> smc C2000007 04
Res: 51 4 0 0
=> smc C2000007 06
Res: 51 6 0 0
=> smc C2000007 07
Res: 262921 7 0 0
=> smc C2000007 05
<hangs>
My problem is apparently that I can't talk to HAB when I drop from EL3.
SOC i.MX8M Mini
ATF v2.8
U-boot 2023.01
As I am using mainline versions and custom configs I don't expect to get a clear answer, but probably someone can point me what could be breaking this as I have no experience with ATF.
