On 09/02/18 07:27, Jagan Teki wrote:
On Thu, Feb 8, 2018 at 9:47 PM, Bryan O'Donoghue
<bryan.odonog...@linaro.org> wrote:

I'm observing authentication issue while loading U-Boot proper, U-Boot
proper now have features like SPL DM and SPL FIT etc

U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530)
Trying to boot from MMC1
Expected Linux image is not found. Trying to start U-boot

Authenticate image from DDR location 0x17800000...
bad magic magic=0xb8 length=0x841b version=0x17
bad length magic=0xb8 length=0x841b version=0x17
bad version magic=0xb8 length=0x841b version=0x17
spl: ERROR:  image authentication unsuccessful
### ERROR ### Please RESET the board ###

Please let me know where I missed, I'm authenticating SPL and
u-boot-dtb.img now.

Can you please check if the generated u-boot-dtb.img contains a IVT
table appended in the end of the image?

The mx6slevk_spl_defconfig target also generates SPL + u-boot-dtb.img
but I have to use the u-boot-ivt.img binary instead. In my case
u-boot-dtb.img does not includes a IVT table.

Best Regards,
Breno Lima

At a guess I'd say it's the fix we did for hab_auth_img - I guess Jagan you
have an out-of-tree implementation here ?

Basically I'm trying to compare this with implementation before, look
like issue is IVT image signature is missing for when
CONFIG_SPL_LOAD_FIT defined.  It's working without SPL_LOAD_FIT.

If you have a command in your environment that looks like this

hab_auth_img 0x17800000 0x10000

that should now be

hab_auth_img 0x17800000 0x10000 0xF400

assuming the CSF footer is aprox 0xC00 bytes padded.

git show c5800b2

arm: imx: hab: Fix authenticate_image input parameters

1: Adding a new parameter to hab_auth_img
        - addr   : image hex address
        - length : total length of the image
        - offset : offset of IVT from addr

I've created u-boot-ivt.image which we did in previous releases[2] and
padded 0x2000 to CSF to align the size of CONFIG_CSF_SIZE

Image Name:   U-Boot 2018.03-rc1-00182-gb81f7c
Created:      Fri Feb  9 11:00:05 2018
Image Type:   ARM U-Boot Firmware with HABv4 IVT (uncompressed)
Data Size:    360384 Bytes = 351.94 KiB = 0.34 MiB
Load Address: 17800000
Entry Point:  00000000
HAB Blocks:   0x177fffc0   0x0000   0x00056020

icorem6qdl-rqs> hab_auth_img 0x177fffc0 0x58020 0x56020

Authenticate image from DDR location 0x177fffc0...
bad magic magic=0xd4 length=0x5000 version=0x41
bad length magic=0xd4 length=0x5000 version=0x41


Ah... is that diagram accurate ?

You are perpending the IVT to your image header

In which case your command should be

icorem6qdl-rqs> hab_auth_img 0x177fffc0 0x58020 0

Incidentially you are pointed at the CSF there not the IVT.

High Assurance Boot Version 4 Application Programming Interface Reference Manual section 6.2

tag = 0xD4 => CSF
tag = 0xD1 => IVT

U-Boot mailing list

Reply via email to