sc_seco_authenticate doesn't return error but seco events shows AHAB_NO_AUTHENTICATION_IND


634 Views
bulat_a
Contributor III

Hi all,

Noticed that the following commands in uboot are always successful even if the container image was not signed, but "seco events" shows that the image was not signed (AHAB_NO_AUTHENTICATION_IND):

Uboot> if run auth_os; then echo Done; else echo ERR; fi; - it is almost the same as what uboot will do if we enable:

#define AHAB_ENV "sec_boot=yes\0"
 

So, I enabled CONFIG_AHAB_BOOT to use the SECO API from uboot, generated keys and signed containers following the AHAB guides, and burned the SRK_HASH fuses.

1st container image - signed flash.bin with SCU, uboot, SCFW that works fine. No SECO events.

2nd container image - flash_os.bin (Linux Kernel + DTB) unsigned, and flash_os.bin.signed with the same keys as the previous one; it should be authenticated by uboot via the SECO API.

 

So, if you look at the screenshot:

run auth_os -> auth_cntr -> do_authenticate -> authenticate_os_container -> sc_seco_authenticate -> No errors

But "seco events" shows (or does not show the errors, depending on the Linux image) AHAB_NO_AUTHENTICATION_IND

Thus, the questions are:

  • Is it related to the fact that the device is in the "NXP Closed" state?
  • Will "sc_seco_authenticate" return the error when the device is closed, or does it just say that the command passed and we should check the result with ahab_status?

 

Regards,

Bulat

0 Kudos
1 Reply

629 Views
Rita_Wang
NXP TechSupport

You can see that at the end of the apply_snvs_config function, hp.lock (0x1f0703ff) and lp.lock (0x1f0003ff) will be set, so LPTGFCR_HL and LPTGFCR_SL will both be set to 1.

The 0x44 SNVS register is the SNVS_LPSM_LP Tamper Glitch Filters Configuration Register, which is used to configure the glitch filters for the SNVS_LP tamper inputs. This register cannot be programmed when the LPTGFCR_SL or LPTGFCR_HL bit is set.

Meanwhile, from the description below, you can see the reset conditions of these two bits. A cold reset will reset these two bits; a warm reset can't, so the failure appeared.

[Figure: SNVS_LP Lock Register]

[Figure: SNVS_HP Lock Register]

 

0 Kudos