HABv4 with SPL and u-boot-dtb.img on i.MX6

Benjamin Lemouzy blemouzy.ml at gmail.com
Tue Feb 20 10:50:49 CET 2024


Hello,

I'm trying to make secure boot work on i.MX6 SABRE with SPL and u-boot-dtb.img files and I'm not sure how to do it.

I'm using the U-Boot vanilla master branch (2024.04-rc2) with the following configuration:

    # Remove some stuff to not exceed file size limit
    $ cat <<EOF >> configs/mx6sabresd_defconfig
    CONFIG_BOOTMETH_EFILOADER=n
    CONFIG_CMD_NET=n
    CONFIG_NET=n
    EOF

    # Enable secure boot
    $ cat <<EOF >> configs/mx6sabresd_defconfig
    CONFIG_IMX_HAB=y
    CONFIG_SPL_LOAD_FIT_ADDRESS=0x18000000
    EOF

    $ make ARCH=arm O=build mx6sabresd_defconfig

    $ make ARCH=arm O=build

I have no issue generating a working SPL-signed file following the doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt instructions.

doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt only gives instructions to sign u-boot-ivt.img, but this file doesn't contain the device trees listed in CONFIG_OF_LIST as u-boot-dtb.img does, and I need them.



NXP AN4581 lists 2 possible formats to sign additional images:

- Image format:

            ------- +-----------------------------+ <-- *load_address
                ^   |                             |
                |   |                             |
                |   |          Image data         |
         Signed |   |                             |
          Data  |   |                             |
                |   +-----------------------------+
                |   |    Padding Next Boundary    |
                |   +-----------------------------+ <-- *ivt
                v   |     Image Vector Table      |
            ------- +-----------------------------+ <-- *csf
                    |                             |
                    | Command Sequence File (CSF) |
                    |                             |
                    +-----------------------------+
                    |     Padding (optional)      |
                    +-----------------------------+

- FIT image format:

            ------- +-----------------------------+ -------
                ^   |                             |    ^
                |   |                             |    |
                |   |           FDT FIT           |    |
                |   |                             |    |
    Signed data |   |                             |    |
                |   +-----------------------------+    |
                |   |    Padding Next Boundary    |    |
                |   +-----------------------------+    |
                v   |     Image Vector Table      |    |
            ------- +-----------------------------+    | FIT image
                    |                             |    |
                    | Command Sequence File (CSF) |    |
                    |                             |    |
                    +-----------------------------+    |
                    |     Padding (optional)      |    |
            ------- +-----------------------------+    |
                ^   |                             |    |
    Signed data |   |           U-Boot            |    |
                v   |                             |    v
            ------- +-----------------------------+ -------

And as u-boot-dtb.img is a FIT image, I probably have to use the FIT image format, right?



I manually crafted the signed FIT image using doc/imx/habv4/csf_examples/mx8m/csf.sh as a reference and everything looks fine:

    U-Boot SPL 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 +0100)
    >>SPL: board_init_r()
    spl_init
    Trying to boot from MMC1
    fit read offset 11400, size=12800, dst=18000000, count=12800
    spl_load_simple_fit_fix_load: ivt: 18001000 offset: 1000 size: 3060
    spl_load_simple_fit_fix_load: ivt self: 18001000
    hab fuse not enabled

    Authenticate image from DDR location 0x18000000...

    ivt_offset = 0x1000, ivt addr = 0x18001000
    ivt entry = 0x18000000, dcd = 0x00000000, csf = 0x18001020
    Dumping IVT
    .. @............
    ........ .......
    Dumping CSF Header
    ..PC...........P
    ................
    .......<........
    ...............8

    Calling authenticate_image in ROM
            ivt_offset = 0x1000
            start = 0x18000000
            bytes = 0x3060
    firmware: 'firmware-1'
    External data: dst=17800000, offset=3060, size=86138
    Image OS is U-Boot
    fdt: 'fdt-1'
    Can't get 'load' property from FIT 0x18000000, node: offset 464, name fdt-1 (FDT_ERR_NOTFOUND)
    External data: dst=17886140, offset=89198, size=ac00
    Can't get 'entry' property from FIT 0x18000000, node: offset 464, name fdt-1 (FDT_ERR_NOTFOUND)
    loadables: 'firmware-1'
    no string for index 1
    Jumping to U-Boot...
    SPL malloc() used 0x0 bytes (0 KB)
    image entry point: 0x


    U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 +0100)

    CPU:   Freescale i.MX6Q rev1.2 996 MHz (running at 792 MHz)
    CPU:   Automotive temperature grade (-40C to 125C) at 35C
    Reset cause: POR
    Model: Freescale i.MX6 Quad SABRE Smart Device Board
    DRAM:  1 GiB
    Core:  94 devices, 23 uclasses, devicetree: separate
    WDT:   Started watchdog at 20c0000 with servicing every 1000ms (128s timeout)
    MMC:   FSL_SDHC: 4, FSL_SDHC: 1, FSL_SDHC: 3
    Loading Environment from MMC... *** Warning - bad CRC, using default environment

    No panel detected: default to Hannstar-XGA
    Display: Hannstar-XGA (1024x768)
    In:    serial
    Out:   serial
    Err:   serial
    SEC0:  RNG instantiated
    Hit any key to stop autoboot:  0
    => hab_status

    Secure boot disabled

    HAB Configuration: 0xf0, HAB State: 0x66
    No HAB Events Found!

But as only the FDT part of the FIT image is checked through HAB, U-Boot and DTB are only protected by FIT image hashes, right?

Using fdtdump shows that crc32 is used as the hash algorithm for the FIT image, which is a super weak one.
I tried to pass another algo (sha256) using the mkimage -o option but that doesn't work.

    ./tools/mkimage -f auto -A arm -T firmware -C none -O u-boot -a 0x17800000 -e 0x17800000 -p 0x0 -n "U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty for mx6sabresd board" -E -b arch/arm/dts/imx6q-sabresd.dtb -b arch/arm/dts/imx6qp-sabresd.dtb -b arch/arm/dts/imx6dl-sabresd.dtb -d u-boot-nodtb.bin -o sha256 u-boot-dtb.img

Is there any way to change U-Boot FIT image hash?



I also tried to use the image format and force the HAB to verify the whole u-boot-dtb.img file by patching the FIT image size:

    image_size=$(stat -tc %s u-boot-dtb.img)
    printf "00000004: %08x" "$image_size" | xxd -r - u-boot-dtb.img

SPL starts, authentication looks fine but the boot fails.
Is there any chance to make it work or is it insane to try to use this format?

Regards,

Benjamin
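
Added example, not part of the original message or of U-Boot: a Python check that decodes the HABv4 IVT and compares the byte range passed to authenticate_image with the FIT external-data ranges printed in the SPL log above. The sample blob and its FDT totalsize are constructed; the offsets, sizes and IVT pointers are copied from the log and are assumed to be relative to the start of u-boot-dtb.img.

```python
import struct

FDT_MAGIC = 0xD00DFEED
IVT_TAG, IVT_LEN = 0xD1, 0x20   # HABv4 IVT header: tag, total length

# Values copied from the SPL log above; offsets are assumed to be relative
# to the start of u-boot-dtb.img.
IVT_OFFSET, AUTH_BYTES = 0x1000, 0x3060
SEGMENTS = [("firmware-1", 0x3060, 0x86138), ("fdt-1", 0x89198, 0xAC00)]

def fdt_totalsize(blob):
    """Size of the FDT structure that opens a FIT (big-endian header)."""
    magic, totalsize = struct.unpack_from(">II", blob, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not an FDT/FIT blob")
    return totalsize

def parse_ivt(blob, off):
    """Decode the 32-byte IVT: big-endian header, little-endian pointers."""
    tag, length, version = struct.unpack_from(">BHB", blob, off)
    if tag != IVT_TAG or length != IVT_LEN or version >> 4 != 4:
        raise ValueError("no HABv4 IVT at offset %#x" % off)
    entry, _, dcd, boot_data, self_addr, csf, _ = struct.unpack_from("<7I", blob, off + 4)
    return {"entry": entry, "dcd": dcd, "self": self_addr, "csf": csf}

def outside_hab(auth_bytes, segments):
    """Names of segments with at least one byte past the authenticated range."""
    return [name for name, off, size in segments if off + size > auth_bytes]

def build_sample():
    """Constructed stand-in for the first 0x3060 bytes of the signed image."""
    blob = bytearray(AUTH_BYTES)
    struct.pack_into(">II", blob, 0, FDT_MAGIC, 0x0E00)  # totalsize is made up
    struct.pack_into(">BHB", blob, IVT_OFFSET, IVT_TAG, IVT_LEN, 0x40)
    struct.pack_into("<7I", blob, IVT_OFFSET + 4,
                     0x18000000, 0, 0, 0, 0x18001000, 0x18001020, 0)
    return bytes(blob)

if __name__ == "__main__":
    blob = build_sample()
    ivt = parse_ivt(blob, IVT_OFFSET)
    # The FDT must end before the IVT, and self/csf must match the layout.
    assert fdt_totalsize(blob) <= IVT_OFFSET
    assert ivt["self"] - ivt["entry"] == IVT_OFFSET
    assert ivt["csf"] - ivt["self"] == IVT_LEN
    for name in outside_hab(AUTH_BYTES, SEGMENTS):
        print(name, "is not covered by authenticate_image")
```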

