IMX8M Mini HAB secure boot - working?

[Tim Harvey]

On Sat, Jul 10, 2021 at 5:24 AM Heiko Schocher <hs at denx.de> wrote:
>
> Hi Tim, Stefano,
>
> On 10.07.21 11:14, Stefano Babic wrote:
> > Hi Tim,
> >
> > On 10.07.21 02:05, Tim Harvey wrote:
> >> Greetings,
> >>
> >> Has anyone successfully used secure boot with IMX8M Mini or other
> >> IMX8M? Peng's recent series got merged with the exception of what
> >> looks like the addition of couple of 'caam' commands to blob/deblob
> >> DEK's.
> >>
> >> There are no guides yet however I'm following the guides for the
> >> downstream NXP U-Boot and thus far have been able to get the SPL to
> >> boot with no HAB events but when it tries to authenticate the FIT
> >> image it validate_ivt fails with 'Error: Invalid IVT structure'.
> >
> > Heiko tested this and found it, if I am not wrong he found the cause. Added him in CC.
> >
> > I have also planned to test this, it is on my TODO list...
>
> I am currently not in my office, the whole next week ... so I could not
> check my current state of the patches... but I found a problem, yes.
>
> The problem was that the ROM API loaded the IVT header to a
> memallocated address, which does of course not fit with the
> address you have in IVT header ...
>
> I have not full access to my development setup ,and found on my local
> some old state of the patches .... may you can try them?
>
> Of course they need a rework, other solution, but it shows the problem
> hopefully...
>

Heiko,

Thank you - that was indeed the issue and your patches resolve it. I
have not seen your patch posted to the list and your commit msg makes
it seem like your not sure if you should make it SoC dependent. Do you
plan on submitting these to the mailing list?

Best regards,

Tim