Hello,
Just wanted to share my experience with getting secure boot to work on the Colibri i.MX6 ULL.
The steps outlined in High Assurance Boot (HAB) for dummies | Ezurio are correct, but there is one small detail that needs to be changed for the Colibri i.MX6 ULL.
Normally, the output file generated by U-boot is called u-boot.imx. However, for the Colibri i.MX6 ULL, another file is also generated, u-boot-nand.imx. This second file is generated by appending a 1024-byte zero padding to the end of u-boot.imx. u-boot-nand.imx is that we flash on to the device.
The HAB Blocks output at the end of the U-boot build refers to the length of u-boot.imx file, not u-boot-nand.imx. So, inside the Authenticate Data section of the CSF file, the Blocks parameter needs to refer to u-boot.imx. However, once the csf binary is generated, it needs to be appended to the end of the u-boot-nand.imx file. This will generate the final signed binary that you can flash on to the device.