On Tuesday, November 17, 2015 at 02:16:06 PM, Florian Achleitner wrote: > Hi Marek,
Hi, > thanks for you contributions to support mxs HAB v4 in u-boot. I'm currently > experimenting with HAB on my imx28 board. I think I put everything together > quite well. > > But examining the HAB event log I see two successful authentications for > the u-boot.bin and the IVT followed by a FAILURE with "unsupported > command" in the "CSF Context". It is the same for both the SPL and the > main u-boot. Did you see something similar? It suggests a wrong command in > the CSF file, but I think there is not a lot that can be wrong in the CSF > input file for the cst tool. But probably the cst output is different > between versions? I use version BLN_CST_MAIN_02.03.00. > > I use u-boot's mkimage, which can generate a signed boot stream, together > with your hand-crafted IVT generator in the Makefile. Can you share your CSF files (make sure to blank out the private material) ? > I wonder if the image size field, which is appended to IVT is critical. In > 9c2c8a3 you mention that the HAB Rom accepts a not exact size field value > of your SPL image layout. So it seems to be not that critical. > I found that my .sig file created by freescale's cst tool is 3372B, while > yours seems to have been 3904B. Currently, I am experimenting with the > image memory layout and the size field. > > My CSF file is virtually identical to the example in the freescale's > application notes, which uses sha256. I programmed the SRK fuses, but did > not set any lock bits. > HAB is in the open configuration. The SRK seems to be ok, otherwise there > would be no SUCCESS events in the log. > > Did HAB work without FAILURE events for you? Did anybody else on the list > see something similar? Below, you can find the HAB event log. > > Thanks! > Florian > > > > Status: Operation failed (0x33) > Config: Non-secure IC (0xf0) > State: No security state machine (0xf0) > -------- HAB Event 0 -------- > event data: > db 00 10 40 f0 00 db 00 > 00 00 10 00 00 00 26 c0 > status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT > > -------- HAB Event 1 -------- > event data: > db 00 10 40 f0 00 db 00 > 00 00 80 00 00 00 00 40 > status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT > > -------- HAB Event 2 -------- > event data: > db 00 08 40 33 03 cf 00 > status: HAB_STATUS_FAILURE reason: HAB_UNS_COMMAND context: HAB_CTX_CSF > > -------- HAB Event 3 -------- > event data: > db 00 10 40 f0 00 db 00 > 40 00 20 00 00 06 ef 00 > status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT > > -------- HAB Event 4 -------- > event data: > db 00 10 40 f0 00 db 00 > 40 00 10 00 00 00 00 40 > status: HAB_STATUS_SUCCESS reason: HAB_RSN_ANY context: HAB_CTX_AUT_DAT > > -------- HAB Event 5 -------- > event data: > db 00 08 40 33 03 cf 00 > status: HAB_STATUS_FAILURE reason: HAB_UNS_COMMAND context: HAB_CTX_CSF _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot