On 09/02/18 07:27, Jagan Teki wrote:
On Thu, Feb 8, 2018 at 9:47 PM, Bryan O'Donoghue
I'm observing authentication issue while loading U-Boot proper, U-Boot
proper now have features like SPL DM and SPL FIT etc
U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530)
Trying to boot from MMC1
Expected Linux image is not found. Trying to start U-boot
Authenticate image from DDR location 0x17800000...
bad magic magic=0xb8 length=0x841b version=0x17
bad length magic=0xb8 length=0x841b version=0x17
bad version magic=0xb8 length=0x841b version=0x17
spl: ERROR: image authentication unsuccessful
### ERROR ### Please RESET the board ###
Please let me know where I missed, I'm authenticating SPL and
Can you please check if the generated u-boot-dtb.img contains a IVT
table appended in the end of the image?
The mx6slevk_spl_defconfig target also generates SPL + u-boot-dtb.img
but I have to use the u-boot-ivt.img binary instead. In my case
u-boot-dtb.img does not includes a IVT table.
At a guess I'd say it's the fix we did for hab_auth_img - I guess Jagan you
have an out-of-tree implementation here ?
Basically I'm trying to compare this with implementation before, look
like issue is IVT image signature is missing for when
CONFIG_SPL_LOAD_FIT defined. It's working without SPL_LOAD_FIT.
If you have a command in your environment that looks like this
hab_auth_img 0x17800000 0x10000
that should now be
hab_auth_img 0x17800000 0x10000 0xF400
assuming the CSF footer is aprox 0xC00 bytes padded.
git show c5800b2
arm: imx: hab: Fix authenticate_image input parameters
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
I've created u-boot-ivt.image which we did in previous releases and
padded 0x2000 to CSF to align the size of CONFIG_CSF_SIZE
Image Name: U-Boot 2018.03-rc1-00182-gb81f7c
Created: Fri Feb 9 11:00:05 2018
Image Type: ARM U-Boot Firmware with HABv4 IVT (uncompressed)
Data Size: 360384 Bytes = 351.94 KiB = 0.34 MiB
Load Address: 17800000
Entry Point: 00000000
HAB Blocks: 0x177fffc0 0x0000 0x00056020
icorem6qdl-rqs> hab_auth_img 0x177fffc0 0x58020 0x56020
Authenticate image from DDR location 0x177fffc0...
bad magic magic=0xd4 length=0x5000 version=0x41
bad length magic=0xd4 length=0x5000 version=0x41
Ah... is that diagram accurate ?
You are perpending the IVT to your image header
In which case your command should be
icorem6qdl-rqs> hab_auth_img 0x177fffc0 0x58020 0
Incidentially you are pointed at the CSF there not the IVT.
High Assurance Boot Version 4 Application Programming Interface
Reference Manual section 6.2
tag = 0xD4 => CSF
tag = 0xD1 => IVT
U-Boot mailing list