IMX8M Mini HAB secure boot - working?

Heiko Schocher hs at denx.de
Sat Jul 10 14:24:28 CEST 2021 

Hi Tim, Stefano,

On 10.07.21 11:14, Stefano Babic wrote:
> Hi Tim,
> 
> On 10.07.21 02:05, Tim Harvey wrote:
>> Greetings,
>>
>> Has anyone successfully used secure boot with IMX8M Mini or other
>> IMX8M? Peng's recent series got merged with the exception of what
>> looks like the addition of couple of 'caam' commands to blob/deblob
>> DEK's.
>>
>> There are no guides yet however I'm following the guides for the
>> downstream NXP U-Boot and thus far have been able to get the SPL to
>> boot with no HAB events but when it tries to authenticate the FIT
>> image it validate_ivt fails with 'Error: Invalid IVT structure'.
> 
> Heiko tested this and found it, if I am not wrong he found the cause. Added him in CC.
> 
> I have also planned to test this, it is on my TODO list...

I am currently not in my office, the whole next week ... so I could not
check my current state of the patches... but I found a problem, yes.

The problem was that the ROM API loaded the IVT header to a
memallocated address, which does of course not fit with the
address you have in IVT header ...

I have not full access to my development setup ,and found on my local
some old state of the patches .... may you can try them?

Of course they need a rework, other solution, but it shows the problem
hopefully...

bye,
Heiko
>> I'm
>> not entirely clear if my CSF is wrong, or in the wrong place or if
>> there is something missing.
>>
> 
> Best regards,
> Stefano
> 
> 

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52   Fax: +49-8142-66989-80   Email: hs at denx.de


-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52   Fax: +49-8142-66989-80   Email: hs at denx.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-spl_fit.-add-hook-to-make-fixes-after-fit-header-is-.patch
Type: text/x-patch
Size: 1766 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210710/cf7918d7/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-imx-spl-implement-spl_load_simple_fit_fix_load.patch
Type: text/x-patch
Size: 1576 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210710/cf7918d7/attachment-0001.bin>

More information about the U-Boot mailing list