[U-Boot] i.MX HAB: U-Boot loading from SPI NOR flash

Hello all,
I'm trying to make the High Assurance Boot (HAB) work in an iMX6UL-based board.
Here is the context of my experiment:
0) Reference documentation:
   [1] Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4, Document Number: AN4581, Rev. 2, 05/2018
   [2] i.MX 6UltraLite Applications Processor Reference Manual, Document Number: IMX6ULRM Rev. 1, 04/2016
1) i.MX6UL-based board
2) Fuses set to boot from "Serial ROM through SPI", in reality there is a NOR flash there
3) Compiled/tried NXP U-Boot 2017.03 and 2018.03 with CONFIG_SECURE_BOOT=y
4) Both versions boot properly, I can use them to reflash and iterate a new U-Boot in NOR Flash
As far as I've understood, the ROM code loads the first 4KB in SRAM to first check the U-Boot header values, [2] 8.5.4.2 ECSPI Boot.
If the header is ok, the whole U-Boot image is copied from NOR SPI to "application destination".
**First question**:
I assume that some code in the first 4KB has to be executed in order to turn on the external DRAM, otherwise the ROM code could not copy data to the "application destination".
With this assumption, I cannot understand how the HAB can check the signature of the whole U-Boot image before running any code inside it.
**Second question**:
Basically what I need to know is what address should I tell HAB to start checking the signature. In the application note [1], the address is set to the DRAM (external bus).
Thanks for your help, Fernando

Hello all,
I figured it out by myself, just posting here in case someone else needs the info...
What happens is that the DCD block in the U-Boot image header contains a minimal setup info to start the external DRAM. After initializing the DRAM, the ROM code will copy the whole U-Boot image to the external DRAM. Then, the ROM code will compute the U-Boot image signature and compare it to the attached one coming with the U-Boot image itself.
The tricky part is determining the DRAM address where the signature computation should begin. To do so, we need to modify the very automated building in NXP U-Boot to dump info of the following step:
MKIMAGE u-boot-dtb.imx
Adding SHELL='sh -x' to the make command we see:
+ ./tools/mkimage -n board/hms/mx6ul_ewon4/imximage.cfg.cfgtmp -T imximage -e 0x87800000 -d u-boot-dtb.bin u-boot-dtb.imx
The output of this command, manually run, gives:
```
Image Type:   Freescale IMX Boot Image
Image Ver:    2 (i.MX53/6/7 compatible)
Mode:         DCD
Data Size:    475136 Bytes = 464.00 KiB = 0.45 MiB
Load Address: 877ff420
Entry Point:  87800000
HAB Blocks:   877ff400 00000000 0006fc00
DCD Blocks:   00910000 0000002c 000001f0
```
Here, from HAB Blocks, we can infer that the signature computation starts at 0x877ff400 (in the i.MX6UL DRAM space) and covers a size of 0x6fc00 bytes, which corresponds to the size of u-boot-dtb.imx. Setting up these values to the code signing tool configuration works.
Hope it helps someone one day, Fernando
On Fri, Feb 8, 2019 at 10:46 AM Fernando AE fernando.ae2017@gmail.com wrote:
> Hello all,
> I'm trying to make the High Assurance Boot (HAB) work in an iMX6UL-based board.
> Here is the context of my experiment:
> - Reference documentation:
>   [1] Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4, Document Number: AN4581, Rev. 2, 05/2018
>   [2] i.MX 6UltraLite Applications Processor Reference Manual, Document Number: IMX6ULRM Rev. 1, 04/2016
> - i.MX6UL-based board
> - Fuses set to boot from "Serial ROM through SPI", in reality there is a NOR flash there
> - Compiled/tried NXP U-Boot 2017.03 and 2018.03 with CONFIG_SECURE_BOOT=y
> - Both versions boot properly, I can use them to reflash and iterate a new U-Boot in NOR Flash
>
> As far as I've understood, the ROM code loads the first 4KB in SRAM to first check the U-Boot header values, [2] 8.5.4.2 ECSPI Boot.
> If the header is ok, the whole U-Boot image is copied from NOR SPI to "application destination".
>
> **First question**:
> I assume that some code in the first 4KB has to be executed in order to turn on the external DRAM, otherwise the ROM code could not copy data to the "application destination".
> With this assumption, I cannot understand how the HAB can check the signature of the whole U-Boot image before running any code inside it.
>
> **Second question**:
> Basically what I need to know is what address should I tell HAB to start checking the signature. In the application note [1], the address is set to the DRAM (external bus).
>
> Thanks for your help, Fernando
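
The step described in the second message, as an added example that is not part of the original posts: a POSIX shell function that reads the mkimage output and prints the matching `Blocks` line for the `[Authenticate Data]` section of the code signing tool's CSF file. The function name `hab_blocks_to_csf` is hypothetical, and the check that the entry point lies inside the authenticated region is an added sanity check, not something the thread performs.

```shell
#!/bin/sh
# Added example, not code from the thread or from NXP/U-Boot.

# mkimage output as posted in the thread, one field per line.
MKIMAGE_OUT='Image Type:   Freescale IMX Boot Image
Image Ver:    2 (i.MX53/6/7 compatible)
Mode:         DCD
Data Size:    475136 Bytes = 464.00 KiB = 0.45 MiB
Load Address: 877ff420
Entry Point:  87800000
HAB Blocks:   877ff400 00000000 0006fc00
DCD Blocks:   00910000 0000002c 000001f0'

# Usage: <mkimage output on stdin> | hab_blocks_to_csf IMAGE_FILE
# Prints: Blocks = 0x<DRAM start> 0x<file offset> 0x<length> "IMAGE_FILE"
# The body runs in a subshell, so its variables stay local.
hab_blocks_to_csf() (
    image=$1 start= offset= length= entry=
    while read -r w1 w2 v1 v2 v3 || [ -n "$w1" ]; do
        case "$w1 $w2" in
            "HAB Blocks:")  start=$v1 offset=$v2 length=${v3%% *} ;;
            "Entry Point:") entry=$v1 ;;
        esac
    done
    # Every field must be present and purely hexadecimal.
    for v in "$start" "$offset" "$length" "$entry"; do
        case $v in
            ''|*[!0-9a-fA-F]*) echo "missing or non-hex field" >&2; exit 1 ;;
        esac
    done
    s=$((0x$start)) o=$((0x$offset)) l=$((0x$length)) e=$((0x$entry))
    # Added check: the code that runs after authentication starts at the
    # entry point, so it should lie inside [start, start + length).
    if [ "$l" -eq 0 ] || [ "$e" -lt "$s" ] || [ "$e" -ge $((s + l)) ]; then
        echo "entry point 0x$entry is outside the authenticated region" >&2
        exit 1
    fi
    printf 'Blocks = 0x%08x 0x%08x 0x%08x "%s"\n' "$s" "$o" "$l" "$image"
)

printf '%s\n' "$MKIMAGE_OUT" | hab_blocks_to_csf u-boot-dtb.imx
```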