Hi Bryan,
On Tue, Jul 30, 2019 at 4:32 PM Bryan O'Donoghue bryan.odonoghue@linaro.org wrote:
On 30/07/2019 12:00, Igor Opaniuk wrote:
Hi folks,
Just curious if you ever faced any issues with HABv4 based secure boot on iMX7 SoC-based boards + NAND + mainline U-Boot (although it works perfectly when booting from eMMC).
I'm currently playing with it on Colibri iMX7 NAND version, following all steps from [1], (colibri_imx7_defconfig, where CONFIG_SECURE_BOOT=y and CONFIG_FSL_CAAM=y, without these two options enabled it's booting ok) and facing the same issue as explained in one of NXP forum threads [2]. Taking into account that default BootROM doesn't provide any output at all to the serial console it is like looking for a needle in a haystack.
When HAB authentication fails in the BootROM it should drop you back into serial download mode.
Does that happen ?
Yes, it does.
imx_usb detects it(15a2:0076(mx7)):
config file <imx_flash/imx_usb.conf> vid=0x066f pid=0x3780 file_name=mx23_usb_work.conf vid=0x15a2 pid=0x004f file_name=mx28_usb_work.conf vid=0x15a2 pid=0x0052 file_name=mx50_usb_work.conf vid=0x15a2 pid=0x0054 file_name=mx6_usb_work.conf vid=0x15a2 pid=0x0061 file_name=mx6_usb_work.conf vid=0x15a2 pid=0x0063 file_name=mx6_usb_work.conf vid=0x15a2 pid=0x0071 file_name=mx6_usb_work.conf vid=0x15a2 pid=0x007d file_name=mx6_usb_work.conf vid=0x15a2 pid=0x0076 file_name=mx7_usb_work.conf vid=0x15a2 pid=0x0041 file_name=mx51_usb_work.conf vid=0x15a2 pid=0x004e file_name=mx53_usb_work.conf vid=0x15a2 pid=0x006a file_name=vybrid_usb_work.conf vid=0x066f pid=0x37ff file_name=linux_gadget.conf config file <imx_flash/mx7_usb_work.conf> parse imx_flash/mx7_usb_work.conf 15a2:0076(mx7) bConfigurationValue =1 Interface 0 claimed HAB security state: development mode (0x56787856) == work item filename colibri-imx7_bin/u-boot-nand.imx load_size 0 bytes load_addr 0x00000000 dcd 1 clear_dcd 0 plug 1 jump_mode 2 jump_addr 0x00000000 == end work item main dcd length 1b4 sub dcd length 164 sub dcd length c Check Data Command(10) success @307900c4=1d9 mask 1 sub dcd length 34 sub dcd length c Check Data Command(10) success @307a0004=1 mask 1
loading binary file(colibri-imx7_bin/u-boot-nand.imx) to 877ff400, skip=0, fsize=a2c00 type=aa
<<<666624, 666624 bytes>>> succeeded (status 0x88888888) jumping to 0x877ff400