[U-Boot] mxs: HAB experiments

Marek Vasut marex at denx.de
Wed Nov 18 09:55:12 CET 2015 

On Tuesday, November 17, 2015 at 02:16:06 PM, Florian Achleitner wrote:
> Hi Marek,

Hi,

> thanks for you contributions to support mxs HAB v4 in u-boot. I'm currently
> experimenting with HAB on my imx28 board. I think I put everything together
> quite well.
> 
> But examining the HAB event log I see two successful authentications for
> the u-boot.bin and the IVT followed by a FAILURE with "unsupported
> command" in the "CSF Context".  It is the same for both the SPL and the
> main u-boot. Did you see something similar? It suggests a wrong command in
> the CSF file, but I think there is not a lot that can be wrong in the CSF
> input file for the cst tool. But probably the cst output is different
> between versions? I use version BLN_CST_MAIN_02.03.00.
> 
> I use u-boot's mkimage, which can generate a signed boot stream, together
> with your hand-crafted IVT generator in the Makefile.

Can you share your CSF files (make sure to blank out the private material) ?

> I wonder if the image size field, which is appended to IVT is critical. In
> 9c2c8a3 you mention that the HAB Rom accepts a not exact size field value
> of your SPL image layout. So it seems to be not that critical.
> I found that my .sig file created by freescale's cst tool is 3372B, while
> yours seems to have been 3904B. Currently, I am experimenting with the
> image memory layout and the size field.
> 
> My CSF file is virtually identical to the example in the freescale's
> application notes, which uses sha256. I programmed the SRK fuses, but did
> not set any lock bits.
> HAB is in the open configuration. The SRK seems to be ok, otherwise there
> would be no SUCCESS events in the log.
> 
> Did HAB work without FAILURE events for you? Did anybody else on the list
> see something similar? Below, you can find the HAB event log.
> 
> Thanks!
> Florian
> 
> 
> 
> Status: Operation failed (0x33)
> Config: Non-secure IC (0xf0)
> State: No security state machine (0xf0)
> -------- HAB Event 0 --------
> event data:
>  db 00 10 40  f0 00 db 00
>  00 00 10 00  00 00 26 c0
>  status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT
> 
> -------- HAB Event 1 --------
> event data:
>  db 00 10 40  f0 00 db 00
>  00 00 80 00  00 00 00 40
>  status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT
> 
> -------- HAB Event 2 --------
> event data:
>  db 00 08 40  33 03 cf 00
>  status: HAB_STATUS_FAILURE reason: HAB_UNS_COMMAND context: HAB_CTX_CSF
> 
> -------- HAB Event 3 --------
> event data:
>  db 00 10 40  f0 00 db 00
>  40 00 20 00  00 06 ef 00
>  status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT
> 
> -------- HAB Event 4 --------
> event data:
>  db 00 10 40  f0 00 db 00
>  40 00 10 00  00 00 00 40
>  status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT
> 
> -------- HAB Event 5 --------
> event data:
>  db 00 08 40  33 03 cf 00
>  status: HAB_STATUS_FAILURE reason: HAB_UNS_COMMAND context: HAB_CTX_CSF

More information about the U-Boot mailing list