HABv4 with SPL and u-boot-dtb.img on i.MX6
Benjamin Lemouzy
blemouzy.ml at gmail.com
Tue Feb 20 10:50:49 CET 2024
Hello,
I'm trying to make secure boot work on i.MX6 SABRE with SPL and u-boot-dtb.img files and I'm not sure how to do it.
I'm using the U-Boot vanilla master branch (2024.04-rc2) with the following configuration:
# Remove some stuff to not exceed file size limit
$ cat <<EOF >> configs/mx6sabresd_defconfig
CONFIG_BOOTMETH_EFILOADER=n
CONFIG_CMD_NET=n
CONFIG_NET=n
EOF
# Enable secure boot
$ cat <<EOF >> configs/mx6sabresd_defconfig
CONFIG_IMX_HAB=y
CONFIG_SPL_LOAD_FIT_ADDRESS=0x18000000
EOF
$ make ARCH=arm O=build mx6sabresd_defconfig
$ make ARCH=arm O=build
I have no issue to generate a working SPL-signed file following doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt instructions.
doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt only gives instructions to sign u-boot-ivt.img but this file doesn't contain device trees listed in CONFIG_OF_LIST as u-boot-dtb.img does and I need them.
NXP AN4581 lists 2 possible formats to sign additional images:
- Image format:
------- +-----------------------------+ <-- *load_address
^ | |
| | |
| | Image data |
Signed | | |
Data | | |
| +-----------------------------+
| | Padding Next Boundary |
| +-----------------------------+ <-- *ivt
v | Image Vector Table |
------- +-----------------------------+ <-- *csf
| |
| Command Sequence File (CSF) |
| |
+-----------------------------+
| Padding (optional) |
+-----------------------------+
- FIT image format:
------- +-----------------------------+ -------
^ | | ^
| | | |
| | FDT FIT | |
| | | |
Signed data | | | |
| +-----------------------------+ |
| | Padding Next Boundary | |
| +-----------------------------+ |
v | Image Vector Table | |
------- +-----------------------------+ | FIT image
| | |
| Command Sequence File (CSF) | |
| | |
+-----------------------------+ |
| Padding (optional) | |
------- +-----------------------------+ |
^ | | |
Signed data | | U-Boot | |
v | | v
------- +-----------------------------+ -------
And as u-boot-dtb.img is a FIT image, I probably have to use the FIT image format, right?
I manually craft the signed FIT image using doc/imx/habv4/csf_examples/mx8m/csf.sh as reference and everything looks fine:
U-Boot SPL 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 +0100)
>>SPL: board_init_r()
spl_init
Trying to boot from MMC1
fit read offset 11400, size=12800, dst=18000000, count=12800
spl_load_simple_fit_fix_load: ivt: 18001000 offset: 1000 size: 3060
spl_load_simple_fit_fix_load: ivt self: 18001000
hab fuse not enabled
Authenticate image from DDR location 0x18000000...
ivt_offset = 0x1000, ivt addr = 0x18001000
ivt entry = 0x18000000, dcd = 0x00000000, csf = 0x18001020
Dumping IVT
.. @............
........ .......
Dumping CSF Header
..PC...........P
................
.......<........
...............8
Calling authenticate_image in ROM
ivt_offset = 0x1000
start = 0x18000000
bytes = 0x3060
firmware: 'firmware-1'
External data: dst=17800000, offset=3060, size=86138
Image OS is U-Boot
fdt: 'fdt-1'
Can't get 'load' property from FIT 0x18000000, node: offset 464, name fdt-1 (FDT_ERR_NOTFOUND)
External data: dst=17886140, offset=89198, size=ac00
Can't get 'entry' property from FIT 0x18000000, node: offset 464, name fdt-1 (FDT_ERR_NOTFOUND)
loadables: 'firmware-1'
no string for index 1
Jumping to U-Boot...
SPL malloc() used 0x0 bytes (0 KB)
image entry point: 0x
U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 +0100)
CPU: Freescale i.MX6Q rev1.2 996 MHz (running at 792 MHz)
CPU: Automotive temperature grade (-40C to 125C) at 35C
Reset cause: POR
Model: Freescale i.MX6 Quad SABRE Smart Device Board
DRAM: 1 GiB
Core: 94 devices, 23 uclasses, devicetree: separate
WDT: Started watchdog at 20c0000 with servicing every 1000ms (128s timeout)
MMC: FSL_SDHC: 4, FSL_SDHC: 1, FSL_SDHC: 3
Loading Environment from MMC... *** Warning - bad CRC, using default environment
No panel detected: default to Hannstar-XGA
Display: Hannstar-XGA (1024x768)
In: serial
Out: serial
Err: serial
SEC0: RNG instantiated
Hit any key to stop autoboot: 0
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
But as only the FDT part of the FIT image is checked through HAB, U-Boot and DTB are only protected by FIT image hashes, right?
Using fdtdump shows that crc32 is used as hash algorithm for FIT image which is a super weak one.
I tried to pass another algo (sha256) using mkimage -o option but that doesn't work.
./tools/mkimage -f auto -A arm -T firmware -C none -O u-boot -a 0x17800000 -e 0x17800000 -p 0x0 -n "U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty for mx6sabresd board" -E -b arch/arm/dts/imx6q-sabresd.dtb -b arch/arm/dts/imx6qp-sabresd.dtb -b arch/arm/dts/imx6dl-sabresd.dtb -d u-boot-nodtb.bin -o sha256 u-boot-dtb.img
Is there any way to change U-Boot FIT image hash?
I also try to use image format and force the HAB to verify the whole u-boot-dtb.img file by patching the FIT image size:
image_size=$(stat -tc %s u-boot-dtb.img)
printf "00000004: %08x" "$image_size" | xxd -r - u-boot-dtb.img
SPL starts, authentication looks fine but the boot fails.
Is there any chance to make it work or is it insane to try to use this format?
Regards,
Benjamin
More information about the U-Boot
mailing list