dresden-fx
Active member
Hi all,
after adding loads of informative dump functions to the sketch, modifications in imxrt1662.ld, bootdata.c and startup.c and adapting the teensy4_hab.csf I finally made it. So the ROM-bootloader sucessfully passed HAB.
Here's the output of the sketch:
And here is how the teensy4_hab.csf looks:
after adding loads of informative dump functions to the sketch, modifications in imxrt1662.ld, bootdata.c and startup.c and adapting the teensy4_hab.csf I finally made it. So the ROM-bootloader sucessfully passed HAB.
Here's the output of the sketch:
Code:
CPU initialized and running from 6000346D
CPU UID: 28:4A:41:D2:65:F8:29:69
SRK Hash: 357F286C 9D03F0B5 0FD17D0B BC95D1AE A4845637 0F8C747F F6E81875 F973F092
Vectors (FLS): 60002000
[0] = 20010000 (Stack address)
[1] = 60002009 (Entry address)
Vectors (RAM): 20003C00
[0] = 60003691 (Stack address)
[1] = 60003691 (Entry address)
SRC Boot Info BOOT_MODE[1:0] = 0
BT_FUSE_SEL = 1
DIR_BT_DIS = 1
SEC_CONFIG = 1
BOOT_CFG1 = 0x19
BOOT_CFG2 = 0x00
BOOT_CFG3 = 0x00
BOOT_CFG4 = 0x00
HAB Version: 4.3.7
IVT detected at: 60001000
Image Vector Table (IVT) at Addr: 0x60001000
0xD1 0x00 0x20 0x43
0x09 0x20 0x00 0x60
0x00 0x00 0x00 0x00
0x30 0x10 0x00 0x60
0x20 0x10 0x00 0x60
0x00 0x10 0x00 0x60
0x00 0xB0 0x00 0x60
0x00 0x00 0x00 0x00
Tag: 0xD1 -> IVT
Len: 0x0020 -> 32 Bytes
Par: 0x43 -> HABVer: 4.3
Entry: 0x60002009
reserved: 0x00000000
DCD: 0x60001030
Bootdata: 0x60001020
ImgStart: 0x60000000
ImgSize: 0x0000BED0 (48848 Bytes)
Plugin: 0x00000000
Self: 0x60001000
CSF: 0x6000B000
reserved: 0x00000000
CSF detected at: 6000B000
Command Sequence File (CSF) at Addr: 6000B000
Tag: 0xD4 -> CSF
Len: 0x0030 -> 48 Bytes
Par: 0x41 -> HABVer: 4.1
---- CSF Command #0 ----
Command Data:
0xBE 0x00 0x0C 0x00
0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x30
Tag: 0xBE -> INS_KEY
Len: 0x000C -> 12 Bytes
Par: 0x00
Flags: 0 0 0 0 0 0 0 0
H C M F C D C A
S I I I F A S B
H D D D G T F S
Proto: 0x03 -> SRK
Algo: 0x17 -> SHA256
Src: 0x00
Trg: 0x00
keyAddr: 0x00000030
---- CSF Command #1 ----
Command Data:
0xCA 0x00 0x0C 0x00
0x01 0xC5 0x00 0x00
0x00 0x00 0x04 0x98
Tag: 0xCA -> AUTH_DATA
Len: 0x000C -> 12 Bytes
Par: 0x00
Key: 0x01
Proto: 0xC5 -> CMS
Engine: 0x00 -> ANY
Config: 0x00
crtAddr: 0x00000498
---- CSF Command #2 ----
Command Data:
0xCA 0x00 0x14 0x00
0x00 0xC5 0x00 0x00
0x00 0x00 0x06 0x98
0x60 0x00 0x10 0x00
0x00 0x00 0xA0 0x00
Tag: 0xCA -> AUTH_DATA
Len: 0x0014 -> 20 Bytes
Par: 0x00
Key: 0x00
Proto: 0xC5 -> CMS
Engine: 0x00 -> ANY
Config: 0x00
crtAddr: 0x00000698
blkAddr: 0x60001000
blkSize: 0x0000A000 (40960 Bytes)
Linker Info
Image: S=60000000 E=6000BECF L=0000BED0
Name Size VMA LMA
.flsCfg 00000200 60000000 60000000 (512 Bytes)
.text 00007CD0 60001000 60001000 (31952 Bytes)
.itcm 00000000 00000020 60008CDC (0 Bytes)
.data 00002200 20000000 60008CDC (8704 Bytes)
.pad 00000124 6000AEDC 6000AEDC (292 Bytes)
.bss 000022C0 20003000 00000000 (8896 Bytes)
.csf 00002000 6000B000 6000B000 (8192 Bytes)
ROM-Boot ok.
Check target at address 60000000
Check target...success
HAB Configuration: 0xf0 (open) HAB State: 0x66 (non-secure)
No HAB Events Found!
And here is how the teensy4_hab.csf looks:
Code:
[Header]
Version = 4.1
[Install SRK]
File = "../crts/SRK_table.bin"
Source Index = 0
[Install NOCAK]
File = "../crts/SRK1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
Signature Format = CMS
[Authenticate Data]
Verification Index = 0
Blocks = 0x60001000 0x00001000 0x0000A000 "image.bin"
#[Unlock]
# Engine = OCOTP
# Features = JTAG
# #UID is fuses 0x410 & 0x420 (HW_OCOTP_CFG0, HW_OCOTP_CFG1)
# #UID = 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
# key blob info on security manual, page 429 - blog creation only in secure mode