
Hi,
On Wed, 2022-06-08 at 17:39 +0200, Michael Nazzareno Trimarchi wrote:
Hi Tim
On Wed, Jun 8, 2022 at 5:25 PM Tim Harvey tharvey@gateworks.com wrote:
On Wed, Jun 8, 2022 at 8:09 AM Tommaso Merciai tommaso.merciai@amarulasolutions.com wrote:
Hi,
On Wed, Jun 08, 2022 at 04:14:51PM +0200, Michael Nazzareno Trimarchi wrote:
Hi
On Wed, Jun 8, 2022 at 4:13 PM Fabio Estevam festevam@gmail.com wrote:
Hi,
On top of tree U-Boot, when CONFIG_IMX_HAB=y is selected in imx8mm_evk_defconfig, the following error messages are seen:
U-Boot SPL 2022.07-rc3-00097-g26aa5e5c3fbc-dirty (Jun 08 2022 - 10:59:56 -0300)
SEC0: RNG instantiated
Normal Boot
WDT: Started watchdog@30280000 with servicing (60s timeout)
Trying to boot from MMC1
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
bad magic magic=0x0 length=0x00 version=0x0
bad length magic=0x0 length=0x00 version=0x0
bad version magic=0x0 length=0x00 version=0x0
Error: Invalid IVT structure
You need to have a signed image.
Agree
Maybe this page can help you Fabio https://boundarydevices.com/high-assurance-boot-hab-i-mx8m-edition/
Tommaso,
Is that info still applicable to mainline U-Boot where binman is used to generate images?
I'm not clear how the image signing is affected when using binman. I believe Heiko was talking about getting binman to sign images at one point but I'm not sure if anyone has worked on that.
We should use the CST to sign the image. I don't know if anyone is working on this for binman.
Michael
Best Regards,
Tim
I've been working on creating the CSF within Binman. I basically introduced two novelties in my code:
1. Fully generate the CSF for the U-Boot SPL within Binman
2. Embed a sha256 hash of U-Boot TPL in the SPL (which is signed through the CSF). So the TPL can be verified using a simple hash check.
See https://gitlab.com/hberntsen/u-boot/-/commits/secure-boot for my commits on top of v2022.04. I did not submit those yet as I wanted to internally test and review. Unfortunately, due to other priorities this has not happened yet. So if anyone wants to help, let me know :).
Kind regards,
Harm
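
Added example, not part of the thread and not U-Boot's own code: a host-side check that applies the same magic, length and version tests reported in the log above to the start of an image, showing why an all-zero region (an unsigned image with no IVT) fails all three at once. The constants, the 32-byte layout, the CSF pointer offset and the function name `ivt_check` are assumptions based on the commonly documented HAB v4 IVT format; a given ROM may accept other version bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed HAB v4 IVT constants and layout; these values are not from the thread. */
#define IVT_SIZE        32u     /* eight 32-bit words */
#define IVT_MAGIC       0xD1u
#define IVT_VER_40      0x40u
#define IVT_VER_41      0x41u
#define IVT_CSF_OFFSET  24u     /* little-endian CSF pointer field */

enum { IVT_OK = 0, IVT_SHORT = 1, IVT_BAD_MAGIC = 2, IVT_BAD_LENGTH = 4,
       IVT_BAD_VERSION = 8, IVT_NO_CSF = 16 };

/* Returns a bitmask of every failed check, so a zeroed header reports all of them. */
unsigned ivt_check(const uint8_t *buf, size_t len)
{
    unsigned st = IVT_OK;
    uint32_t csf;

    if (buf == NULL || len < IVT_SIZE)
        return IVT_SHORT;
    if (buf[0] != IVT_MAGIC)
        st |= IVT_BAD_MAGIC;
    /* The header length field is big-endian. */
    if ((((unsigned)buf[1] << 8) | buf[2]) != IVT_SIZE)
        st |= IVT_BAD_LENGTH;
    if (buf[3] != IVT_VER_40 && buf[3] != IVT_VER_41)
        st |= IVT_BAD_VERSION;
    /* Without a CSF pointer there is no signature data to authenticate against. */
    csf = (uint32_t)buf[IVT_CSF_OFFSET] | ((uint32_t)buf[IVT_CSF_OFFSET + 1] << 8) |
          ((uint32_t)buf[IVT_CSF_OFFSET + 2] << 16) | ((uint32_t)buf[IVT_CSF_OFFSET + 3] << 24);
    if (csf == 0)
        st |= IVT_NO_CSF;
    return st;
}

int main(void)
{
    /* Constructed samples: an all-zero region and a minimal well-formed IVT. */
    uint8_t unsigned_img[IVT_SIZE] = {0};
    uint8_t signed_img[IVT_SIZE] = {0xD1, 0x00, 0x20, 0x41};
    signed_img[IVT_CSF_OFFSET + 1] = 0x20;   /* constructed CSF pointer 0x00002000 */

    printf("zeroed region: 0x%02x\n", ivt_check(unsigned_img, sizeof unsigned_img));
    printf("sample IVT:    0x%02x\n", ivt_check(signed_img, sizeof signed_img));
    return 0;
}
```

A non-zero result on a build artifact means the image was not wrapped with an IVT and CSF before being written to the boot medium. A zero result only says the header is well-formed, not that the signature is valid.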