
On Wednesday, November 18, 2015 at 10:57:13 AM, Florian Achleitner wrote:
Hi,
On Wednesday, November 18, 2015 09:55:12 AM Marek Vasut wrote:
On Tuesday, November 17, 2015 at 02:16:06 PM, Florian Achleitner wrote:
Hi Marek,
Hi,
thanks for your contributions to support mxs HAB v4 in u-boot. I'm currently experimenting with HAB on my imx28 board. I think I put everything together quite well.
But examining the HAB event log I see two successful authentications for the u-boot.bin and the IVT followed by a FAILURE with "unsupported command" in the "CSF Context". It is the same for both the SPL and the main u-boot. Did you see something similar? It suggests a wrong command in the CSF file, but I think there is not a lot that can be wrong in the CSF input file for the cst tool. But probably the cst output is different between versions? I use version BLN_CST_MAIN_02.03.00.
I use u-boot's mkimage, which can generate a signed boot stream, together with your hand-crafted IVT generator in the Makefile.
Can you share your CSF files (make sure to blank out the private material) ?
The CSF follows. It is the same for the spl and the main u-boot.
Anyways, I currently suspect the cst tool in its current version (2.3.1) to produce binaries that are incompatible with the mx28 HAB ROM. However, I couldn't find an older version of the cst yet, so I can't try it at the moment.
Thanks! Florian
[Header]
Version = 4.0
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = DCP
I use "Engine = ANY" here, not sure if it matters.
[Install SRK]
File = "$SRK_1_2_table.bin"
Source index = 0
[Install CSFK]
File = "$CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
Verification index = 0
Target index = 2
File = "$IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
Here I use "Engine = DCP" (missing in your example)
I am using BLN_CST_MAIN_02.00.00 btw.
Best regards, Marek Vasut
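Added example (not part of the original thread, and not code from U-Boot or the cst tool): a small section-aware diff of two CSF input files, useful when comparing a CSF that produces HAB events against one that does not. CSF_FLORIAN is constructed from the CSF posted above; CSF_MAREK is constructed by applying only the two Engine differences stated in the reply, assuming the rest of that file is identical, and treating '#' as a comment marker is also an assumption.

```python
import re
# Constructed from the CSF posted in the thread.
CSF_FLORIAN = """\
[Header]
Version = 4.0
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = DCP
[Install SRK]
File = "$SRK_1_2_table.bin"
Source index = 0
[Install CSFK]
File = "$CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
Verification index = 0
Target index = 2
File = "$IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
"""
# Constructed: header Engine = ANY, and Engine = DCP appended to the last section.
CSF_MAREK = CSF_FLORIAN.replace("Engine = DCP", "Engine = ANY") + "Engine = DCP\n"

def parse_csf(text):
    """Return an ordered list of (section, {key: value}); sections may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            sections.append((m.group(1).strip(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1][key] = value
    return sections

def diff_csf(a, b):
    """List (section, key, value_a, value_b); assumes the same section order."""
    out = []
    for (name, kv_a), (_, kv_b) in zip(parse_csf(a), parse_csf(b)):
        for key in sorted(kv_a.keys() | kv_b.keys()):
            if kv_a.get(key) != kv_b.get(key):
                out.append((name, key, kv_a.get(key), kv_b.get(key)))
    return out

if __name__ == "__main__":
    print(*diff_csf(CSF_FLORIAN, CSF_MAREK), sep="\n")
```

A value of None in the output means the key is absent from that file's section.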