Hi Jagan, 2018-02-08 10:43 GMT-02:00 Jagan Teki <[email protected]>: > On Fri, Jan 12, 2018 at 6:09 PM, Bryan O'Donoghue > <[email protected]> wrote: >> v6: >> - Added patch 21/25 return zero on open (unlocked) board when >> calling authenticate_image() - Breno >> >> - Added Tested-by: Breno Matheus Lima <[email protected]> >> as indicated for remainder 24/25 patches >> >> - Added Reviewed-by: Fabio Estevam <[email protected]> >> as indicated for remainder 24/25 patches >> >> v5: >> - Drop dcache disable across HAB call. >> We can't replicate this error on the current codebase and the available >> images. We'll have to wait for the error to crop up again before pushing >> that patch any further. >> >> v4: >> - No change mixed extra patches @ v3 unnoticed with previous >> git-send >> >> v3: >> - Only call into ROM if headers are verified. - Bryan >> >> - Print HAB event log if and only if a call was made to HAB >> and a meaningful status code has been obtained. - Breno >> >> v2: >> - Fix compilation warnings and errors in SPL highlighted by >> Breno Matheus Lima >> >> - Add CC: Breno Matheus Lima <[email protected]> to all patches >> >> v1: >> This patchset updates the i.MX HAB layer in u-boot to fix a list of >> identified issues and then to add and extend existing functionality. >> >> The first block of patches 0001-0006 deal with fixing existing code, >> >> - Fixes indentation >> - Fixes the treatment of input parameters to hab_auth_image. >> >> The second block of patches 0007-0013 are about tidying up the HAB code >> >> - Remove reliance on hard-coding to specific offsets >> - IVT header drives locating CSF >> - Continue to support existing boards >> >> Patches 0014 onwards extend out the HAB functionality. >> >> - hab_rvt_check_target is a recommended check in the NXP documents to >> perform prior to hab_rvt_authenticate_image >> - hab_rvt_failsafe is a useful function to set the board into BootROM >> USB recovery mode. >> >> >> >> Bryan O'Donoghue (25): >> arm: imx: hab: Make authenticate_image return int >> arm: imx: hab: Fix authenticate_image result code >> arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail >> arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail >> arm: imx: hab: Move IVT_SIZE to hab.h >> arm: imx: hab: Move CSF_PAD_SIZE to hab.h >> arm: imx: hab: Fix authenticate_image input parameters >> arm: imx: hab: Add IVT header definitions >> arm: imx: hab: Add IVT header verification >> arm: imx: hab: Verify IVT self matches calculated address >> arm: imx: hab: Only call ROM once headers are verified >> arm: imx: hab: Print CSF based on IVT descriptor >> arm: imx: hab: Print additional IVT elements during debug >> arm: imx: hab: Define rvt_check_target() >> arm: imx: hab: Implement hab_rvt_check_target >> arm: imx: hab: Add a hab_rvt_check_target to image auth >> arm: imx: hab: Print HAB event log only after calling ROM >> arm: imx: hab: Make internal functions and data static >> arm: imx: hab: Prefix authenticate_image with imx_hab >> arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled >> arm: imx: hab: Make authenticate_image() return zero on open boards >> arm: imx: hab: Make imx_hab_is_enabled global >> arm: imx: hab: Define rvt_failsafe() >> arm: imx: hab: Implement hab_rvt_failsafe >> arm: imx: hab: Add hab_failsafe console command >> >> arch/arm/include/asm/mach-imx/hab.h | 46 +++- >> arch/arm/mach-imx/hab.c | 461 >> +++++++++++++++++++++--------------- >> arch/arm/mach-imx/spl.c | 38 ++- >> 3 files changed, 354 insertions(+), 191 deletions(-) > > I tried Secure boot before[1] with SPL and U-Boot proper and work well. > > I'm observing authentication issue while loading U-Boot proper, U-Boot > proper now have features like SPL DM and SPL FIT etc > > U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530) > Trying to boot from MMC1 > Expected Linux image is not found. Trying to start U-boot > > Authenticate image from DDR location 0x17800000... > bad magic magic=0xb8 length=0x841b version=0x17 > bad length magic=0xb8 length=0x841b version=0x17 > bad version magic=0xb8 length=0x841b version=0x17 > spl: ERROR: image authentication unsuccessful > ### ERROR ### Please RESET the board ### > > Please let me know where I missed, I'm authenticating SPL and > u-boot-dtb.img now.
Can you please check if the generated u-boot-dtb.img contains a IVT table appended in the end of the image? The mx6slevk_spl_defconfig target also generates SPL + u-boot-dtb.img but I have to use the u-boot-ivt.img binary instead. In my case u-boot-dtb.img does not includes a IVT table. Best Regards, Breno Lima _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
