Home/Support/Support Forum/Set up secure boot
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Set up secure boot

0 votes
Hi,

I follow the Set up secure boot instruction and can sucessfully build the uboot image.
But when I udpate the signed uboot, the boot progress stucks at "DRAM: 256 MiB" as follows

#### console output ####
CPU: i.MX6UL rev1.1 528 MHz (running at 396 MHz)
CPU: Industrial temperature grade (-40C to 105C) at 47C
Reset cause: POR
I2C: ready
DRAM: 256 MiB
#### console output ####

I use the ccimx6ul Starter Kit
And the uboot image file name is u-boot-dtb-signed-ccimx6ulstarter-2020.04-r0.imx
When I recover the uboot using normal uboot image, and type in command "hab_status", I get the following error

HAB Event 1
event data:
0xdb 0x00 0x08 0x42 0x33 0x22 0x0a 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_AUTHENTICATE (0x0A)
ENG = HAB_ENG_ANY (0x00)

Please help, thanks in advance.
asked Jun 25 in Linux by phammanh New to the Community (0 points)
Which version of DEY are you using?
it looks like a known bug related to an issue with the toolchain in which U-Boot code changes (such as enabling Trustfence-related configurations) will cause the binary to freeze in seemingly random places early in the boot process.

 we do have a workaround for this issue that is available in the latest Digi U-Boot sources in GitHub. If you build their Yocto project using the dey-3.0 maintenance branch instead of the latest release tag, you should be able to include this workaround into your code. Hopefully, that solves the freezing issue (along with other unrelated issues that have been fixed after the latest 3.0 release).

~$ cd /usr/local/dey-3.0
~$ repo init -u https://github.com/digi-embedded/dey-manifest.git -b zeus
~$ repo sync -j8 --no-repo-verify

Then clean and rebuild your workspace project.
I follow the install instruction and currently use the stable release version
https://github.com/digi-embedded/dey-manifest.git -b refs/tags/3.0-r4.1

I will rebuild with the zeus branch. But is it ok to use this branch for production?
yes, it is ok. We are close to releasing DEY 3.2 btw

Please log in or register to answer this question.

1 Answer

0 votes
please provide the output of the:
"trustfence status" U-boot command
answered Jun 27 by LeonidM Veteran of the Digi Community (4,359 points)
This is the output of the "trustfence status" command

=> trustfence status
* SRK fuses:            [NOT PROGRAMMED]
   Key 0:               [OK]
   Key 1:               [OK]
   Key 2:               [OK]
   Key 3:               [OK]
* Secure boot:          [OPEN]
* Encrypted U-Boot:     [NO]
* HAB events:           [ERRORS PRESENT!]
...