Hello ,
I am facing an issue with the toradex easy installer application . I am unable to use it in the recover mode in my module i.MX7 D colibri module , which is securely configured , meaning the board is setup with Secure boot .
The relevant fuses have been blown so that only signed u-boot image will be allowed to execute on it.
To test the secure boot functionality , I tried to load an unsigned image on to my device , the board did not boot up , which is a good sign .
BUt the board on the other hand is bricked .On reset nothing shows up on the console. I cannot also use the easy installer application to flash my signed image. In the recovery mode , the image is not loaded on to the board . I can see the following log :
Downloading Toradex Easy Installer...
[sudo] password for user:
config file <./recovery//imx_usb.conf>
vid=0x15a2 pid=0x0054 file_name=mx6_usb_rom.conf
-> vid=0x1b67 pid=0x4fff file_name=mx6_usb_sdp_spl.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0061 file_name=mx6_usb_rom.conf
-> vid=0x1b67 pid=0x4fff file_name=mx6_usb_sdp_spl.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0076 file_name=mx7_usb_rom.conf
-> vid=0x1b67 pid=0x4000 file_name=mx7_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0080 file_name=mx6ull_usb_rom.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6ull_usb_sdp_uboot.conf
config file <./recovery//mx7_usb_rom.conf>
parse ./recovery//mx7_usb_rom.conf
Trying to open device vid=0x15a2 pid=0x0076
Interface 0 claimed
HAB security state: production mode (0x12343412)
== work item
filename u-boot.imx
load_size 0 bytes
load_addr 0x83f00000
dcd 1
clear_dcd 0
plug 0
jump_mode 2
jump_addr 0x00000000
== end work item
loading DCD table @0x910000
<<<-588, 1024 bytes>>>
succeeded (status 0x128a8a12)
loading binary file(u-boot.imx) to 877ff400, skip=0, fsize=55c00 type=aa
<<<351232, 351232 bytes>>>
succeeded (status 0x88888888)
jumping to 0x877ff400
j4 in err=0, last_trans=64 33 22 0a 00
config file <./recovery//mx7_usb_sdp_uboot.conf>
parse ./recovery//mx7_usb_sdp_uboot.conf
Trying to open device vid=0x1b67 pid=0x4000.........................
Could not open device vid=0x1b67 pid=0x4000
Downloading Toradex Easy Installer failed...
Any suggestions how to recover the board back . How can i use the easy installer application back on this board.
I’m only generally familiar with what needs to be done in order to make our Easy Installer compatible with a HAB locked module. I’ll provide some general steps below but I personally don’t have any exact hard instructions.
So you’ll need to make changes to your CSF file that you created and append onto u-boot binaries in order to “sign” them. More details about these changes can be found in Appendix F of NXP application note AN4581. This describes how to make a CSF compatible for the serial download protocol (SDP) that our Easy Installer tool uses.
After that you’ll need to build our U-Boot binary from source and append this new modified CSF onto it. When building our U-Boot for Easy Installer you’ll use the colibri_imx7_tezi_recovery_defconfig as your defconfig file.
Once the binary is built and you’ve appended the modified CSF you’ll need to replace the U-Boot binary that comes with Easy Installer with this new U-Boot so that gets loaded instead of our default one.
Then in theory it should “just work”, please note that I have not tried this personally myself so I can’t be too much more specific than this.
Hi @jeremias.tx
Thanks for the suggestion. I am able to recover my module back and use toradex easy installer back on my device in closed configuration [ via HAB ].
The steps mentioned by you are clear and correct. I would like to share my results below.
Recovery Procedure on devices in closed config :
Clone the U-boot source code .
Enable the HAB feature by adding [CONFIG_SECURE_BOOT=y] in config file.
Build it with colibri_imx7_tezi_recovery_defconfig as config file.
Modify the CSF file as per the steps mentioned in the DOC AN4581 (F ) section , which states to remove DCD pointer , build the csf and add back DCD pointer and generate the signed binary.Steps are clear to be followed. Also same is even mentioned in this link with easy steps refer /folllow either of these “https://boundarydevices.com/high-assurance-boot-hab-dummies/”.
Then replace this binary u-boot.imx in the root folder of Toradex easy installer.
Bring the device into recovery mode , and then flash the software. The log is as below: