HI
How do I add DCD, are there any relevant steps? Because I didn’t see the relevant operations in the link below:
https://github.com/u-boot/u-boot/blob/master/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt
HI
I still can't burn the image after adding DCD. Can you help me find out what's wrong?
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877ff400 0x00000000 0x00084c00 "u-boot.imx",\
0x00910000 0x0000002c 0x000001e8 "u-boot.imx"
HI
I added the following to my csf file:
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x00084c00 "u-boot.imx",\
0x00910000 0x0000002c 0x000001e8 "u-boot.imx"
I have another question:
I didn’t burn SRK_1_2_3_4_fuse.bin to efuse, why can I get the following printout:
Normal Boot
Hit any key to stop autoboot: 0
=> fuse read 3 0 8
Reading bank 3:
Word 0x00000000: 00000000 00000000 00000000 00000000
Word 0x00000004: 00000000 00000000 00000000 00000000
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
=>
Isn't it necessary to burn efuse first before there will be no events?
I am using Imx6ull. I burned the SRK_1_2_3_4_fuse.bin generated by the CSF tool to efuse according to the documentation, as follows:
=> fuse prog -y 3 0 0x72A064C2
=> fuse prog -y 3 1 0x69824956
=> fuse prog -y 3 2 0x63966059
=> fuse prog -y 3 3 0x4842015
=> fuse prog -y 3 4 0x416A880E
=> fuse prog -y 3 5 0xF533453B
=> fuse prog -y 3 6 0x23306C28
=> fuse prog -y 3 7 0x8E2C366E
After that I use the following command to detect the event:
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
I saw no events and thought it was successful, so I enabled it, as follows:
=> fuse prog 0 6 0x00000002
But after I enable Secure boot, I cannot re-burn the previous u-boot.imx (signed):
sudo uuu -d -b emmc 'u-boot.imx'
Below is my csf file:
Header]
Version = 4.1
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = SW
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x00000000 0x00084c00 "u-boot.imx"
$ cat ./git/mx6ull_14x14_evk_emmc_config/u-boot.imx.log
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 553056 Bytes = 540.09 KiB = 0.53 MiB
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 0x877ff400 0x00000000 0x00084c00
DCD Blocks: 0x00910000 0x0000002c 0x000001e8
Is there a problem with the CSF file? Looking forward to your reply