Hi everyone,
I'm performing some secure boot tests on the Toradex Colibri iMX7D 1GB v1.1 module.
By following the procedure explained in AN4581, I am able to create a custom signed u-boot and to verify it by means of the hab_status command.
I successfully used easy installer 1.8 (via USB OTG) to update the u-boot.
The next step was to extend the root of trust to the Linux kernel (Appendix G of AN4581) by signing the zImage.
As with u-boot, I successfully loaded the new kernel via easy installer, but the execution of the hab_auth_img command failed.
As I figured out, I need to "close" the device by blowing the SEC_CONFIG bit in order to let u-boot verify the kernel signature.
After I closed the device, I was no longer able to use easy installer.
Here is the output of the execution of "recovery-windows.bat":
config file
vid=0x15a2 pid=0x0054 file_name=mx6_usb_rom.conf
-> vid=0x1b67 pid=0x4fff file_name=mx6_usb_sdp_spl.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0061 file_name=mx6_usb_rom.conf
-> vid=0x1b67 pid=0x4fff file_name=mx6_usb_sdp_spl.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0076 file_name=mx7_usb_rom.conf
-> vid=0x1b67 pid=0x4000 file_name=mx7_usb_sdp_uboot.conf
vid=0x15a2 pid=0x0080 file_name=mx6ull_usb_rom.conf
-> vid=0x1b67 pid=0x4000 file_name=mx6ull_usb_sdp_uboot.conf
config file
parse recovery\\\mx7_usb_rom.conf
Trying to open device vid=0x15a2 pid=0x0076
Interface 0 claimed
HAB security state: production mode (0x12343412)
== work item
filename u-boot.imx
load_size 0 bytes
load_addr 0x83f00000
dcd 1
clear_dcd 0
plug 0
jump_mode 2
jump_addr 0x00000000
== end work item
loading DCD table @0x910000
<<<-588, 1024 bytes>>>
succeeded (status 0x128a8a12)
loading binary file(u-boot.imx) to 877ff400, skip=0, fsize=55c00 type=aa
<<<351232, 351232 bytes>>>
succeeded (status 0x88888888)
jumping to 0x877ff400
j4 in err=0, last_trans=64 33 22 0a 00
config file
parse recovery\\\mx7_usb_sdp_uboot.conf
Trying to open device vid=0x1b67 pid=0x4000.........................
Could not open device vid=0x1b67 pid=0x4000
Premere un tasto per continuare . . .
From the serial console no output showed up.
HAB security state: production mode (0x12343412)
Could being in production mode collide with the unsigned Toradex Easy Installer's u-boot?
How is it possible to update a zImage in a "closed" device?
Thank you in advance for your support.
Luca
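
Added example, not part of the original post and not Toradex or NXP code: a Python check of whether a u-boot.imx file's Image Vector Table (IVT) references a Command Sequence File (CSF), i.e. whether the image sent over USB recovery was built for HAB authentication. It assumes the IVT sits at file offset 0 and runs on constructed sample images; only the `self` address 0x877ff400 is taken from the load address in the log above.

```python
import struct

HAB_TAG_IVT = 0xD1  # first byte of an Image Vector Table header
HAB_TAG_CSF = 0xD4  # first byte of a Command Sequence File header
IVT_FIELDS = ("entry", "reserved1", "dcd", "boot_data", "self", "csf", "reserved2")


def parse_ivt(image: bytes, offset: int = 0) -> dict:
    """Decode the 32-byte IVT found at `offset` in an i.MX boot image."""
    if len(image) < offset + 32:
        raise ValueError("image too short to hold an IVT")
    # Header is tag, big-endian length, version; the seven pointers are little-endian.
    tag, length, version = struct.unpack_from(">BHB", image, offset)
    if tag != HAB_TAG_IVT or length != 32 or version >> 4 != 0x4:
        raise ValueError("no valid IVT header at offset %#x" % offset)
    ivt = dict(zip(IVT_FIELDS, struct.unpack_from("<7I", image, offset + 4)))
    ivt["version"] = version
    return ivt


def csf_status(image: bytes, offset: int = 0) -> str:
    """Report whether the IVT points at a CSF that is present in the file."""
    ivt = parse_ivt(image, offset)
    if ivt["csf"] == 0:
        return "unsigned: IVT csf pointer is 0"
    # Pointers are absolute load addresses; `self` is the address of the IVT.
    csf_off = offset + ivt["csf"] - ivt["self"]
    if not offset < csf_off < len(image):
        return "broken: csf pointer %#x is outside the file" % ivt["csf"]
    if image[csf_off] != HAB_TAG_CSF:
        return "broken: no CSF header at file offset %#x" % csf_off
    return "csf present at file offset %#x" % csf_off


def make_sample(signed: bool) -> bytes:
    """Constructed test image: IVT + padding (+ stub CSF header), not a real u-boot."""
    self_addr, csf_off = 0x877FF400, 0x1000  # csf_off is an arbitrary sample value
    csf_ptr = self_addr + csf_off if signed else 0
    ivt = struct.pack(">BHB", HAB_TAG_IVT, 32, 0x40) + struct.pack(
        "<7I", 0x87800000, 0, self_addr + 0x2C, self_addr + 0x20, self_addr, csf_ptr, 0)
    body = ivt.ljust(csf_off, b"\x00")
    return body + (bytes([HAB_TAG_CSF, 0x00, 0x50, 0x40]) if signed else b"")


if __name__ == "__main__":
    for signed in (False, True):
        print(csf_status(make_sample(signed)))
```

A CSF being present only shows that the image was built for HAB; whether it actually authenticates on the device is what hab_status reports.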