Hi,
We are implementing HAB secure boot for a custom board based on the Colibri iMX6ULL 512MB WiFi-BT and the Yocto BSP 5.7.0 layer. We've managed to successfully sign the U-Boot binary (no HAB events), but extending this to kernel and dtb image authentication fails with a data abort interrupt.
Output of trying to authenticate signed zImage:
Colibri iMX6ULL # ubifsmount ubi0:rootfsb
Colibri iMX6ULL # ubifsload ${kernel_addr_r} /boot/zImage
Loading file '/boot/zImage' to addr 0x81000000...
Done
Colibri iMX6ULL # md 0x81691000 8
81691000: 402000d1 81000000 00000000 00000000 .. @............
81691010: 00000000 81691000 81691020 00000000 ......i. .i.....
Colibri iMX6ULL # hab_auth_img ${kernel_addr_r} ${filesize} 0x691000
Authenticate image from DDR location 0x81000000...
data abort
pc : [<0000a8a2>] lr : [<0000ab1f>]
reloc pc : [<e78b58a2>] lr : [<e78b5b1f>]
sp : 9df2c2a8 ip : 0000e7ed fp : 00690fe0
r10: 04d3f640 r9 : 9df2c584 r8 : 00000000
r7 : 00000000 r6 : 00904cb4 r5 : 04d3f640 r4 : 00000000
r3 : 5be0cd19 r2 : 00000008 r1 : 00904cb4 r0 : 04d3f640
Flags: nZCv IRQs off FIQs off Mode SVC_32 (T)
Code: 2a08 d1ea 4605 2400 (f810) 7024
Resetting CPU ...
resetting ...
We are using cst version 3.3.2 and RSA 4096 bit keys.
CSF Text:
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = SW
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../crts/srk_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
Verification index = 0
Target index = 2
File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
Blocks = 81000000 0x00000000 0x00691020 "/tmp/cst_CODE_SIGN/kernel_image.bin"
As said before, u-boot signing produces no HAB events, so why does this fail?
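An added example, not part of the original post: a small Python check that decodes the eight IVT words from the `md 0x81691000 8` dump above and cross-checks them against the load address, the IVT offset passed to `hab_auth_img`, and the length in the CSF `Blocks` line. The function names are hypothetical, and the rule that the CSF starts directly after the IVT is an assumption taken from this post's layout.

```python
import struct

# IVT words copied from the `md 0x81691000 8` output in the post.
MD_WORDS = "402000d1 81000000 00000000 00000000 00000000 81691000 81691020 00000000"

IVT_FIELDS = ("header", "entry", "reserved1", "dcd",
              "boot_data", "self", "csf", "reserved2")


def parse_ivt(md_words):
    """Decode eight 32-bit words (as printed by `md`) into named IVT fields."""
    words = [int(w, 16) for w in md_words.split()]
    if len(words) != len(IVT_FIELDS):
        raise ValueError("an IVT is 8 words (32 bytes)")
    ivt = dict(zip(IVT_FIELDS, words))
    # In memory the header is: tag byte, 16-bit big-endian length, version byte.
    raw = struct.pack("<I", ivt["header"])
    ivt["tag"], ivt["length"], ivt["version"] = struct.unpack(">BHB", raw)
    return ivt


def check_ivt(ivt, load_addr, ivt_offset, signed_len):
    """Return a list of inconsistencies; an empty list means the layout agrees."""
    problems = []
    if ivt["tag"] != 0xD1:
        problems.append("header tag is 0x%02x, expected 0xd1" % ivt["tag"])
    if ivt["length"] != 0x20:
        problems.append("IVT length is 0x%x, expected 0x20" % ivt["length"])
    if ivt["self"] != load_addr + ivt_offset:
        problems.append("self pointer does not equal load address + IVT offset")
    if not load_addr <= ivt["entry"] < load_addr + ivt_offset:
        problems.append("entry point lies outside the loaded image")
    # Assumption from this post's layout: the CSF follows the IVT directly,
    # and the signed block covers the image plus the IVT.
    if ivt["csf"] != ivt["self"] + ivt["length"]:
        problems.append("CSF pointer is not directly after the IVT")
    if signed_len != ivt_offset + ivt["length"]:
        problems.append("CSF Blocks length does not equal IVT offset + IVT length")
    return problems


if __name__ == "__main__":
    ivt = parse_ivt(MD_WORDS)
    print({k: hex(v) for k, v in ivt.items()})
    # Values from the post: kernel_addr_r, hab_auth_img offset, Blocks length.
    print(check_ivt(ivt, 0x81000000, 0x691000, 0x691020) or "IVT layout is consistent")
```

With the values in the post the check returns no inconsistencies, so it only rules out a mismatched IVT or `Blocks` length and does not by itself explain the data abort.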