Hi Bryan,
On Tue, Jul 30, 2019 at 5:08 PM Bryan O'Donoghue bryan.odonoghue@linaro.org wrote:
On 30/07/2019 15:02, Bryan O'Donoghue wrote:
On 30/07/2019 14:56, Igor Opaniuk wrote:
Does that happen ?
Yes, it does.
And the board is closed ?
Actually it's not. In U-boot stored to RAM via recovery:
Colibri iMX7 # hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 ----------------- event data: 0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33) RSN = HAB_INV_ADDRESS (0x22) CTX = HAB_CTX_AUTHENTICATE (0x0A) ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 ----------------- event data: 0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33) RSN = HAB_INV_ADDRESS (0x22) CTX = HAB_CTX_AUTHENTICATE (0x0A) ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 ----------------- event data: 0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00
STS = HAB_FAILURE (0x33) RSN = HAB_INV_ADDRESS (0x22) CTX = HAB_CTX_AUTHENTICATE (0x0A) ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00 0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 ----------------- event data: 0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00 0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00 0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33) RSN = HAB_INV_ASSERTION (0x0C) CTX = HAB_CTX_ASSERT (0xA0) ENG = HAB_ENG_ANY (0x00)
Obviously yes it is.
You have to sign the binary differently for serial download versus boot from eMMC - I guess this holds for NAND too.
https://boundarydevices.com/high-assurance-boot-hab-dummies/
I have a serial download version of u-boot and an eMMC version for signed boards for that reason i.e. you can't use the same image.
HAB for dummies explains it.
bod
Anyway, let me go through this article one more time, and I'll get back to you.
Thanks for suggestions!