TMDS64GPEVM: Warning: Did not detect image signing certificate

Part Number: TMDS64GPEVM

Hello

For our custom board we build a Linux image based on the meta-ti Yocto layers. We defined our custom Yocto MACHINE ("puma"). When the system boots up, some warnings appear saying that the bootloaders are unsigned. How to get rid of this message? How to sign bootloaders using Yocto?

U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
EEPROM not available at 80, trying to read at 81
Reading on-board EEPROM at 0x51 failed -1
Resetting on cold boot to workaround ErrataID:i2331
resetting ...

U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
EEPROM not available at 80, trying to read at 81
Reading on-board EEPROM at 0x51 failed -1
SYSFW ABI: 3.1 (firmware rev 0x0008 '8.4.7--v08.04.07 (Jolly Jellyfi')
esm main init failed: -19
esm mcu init failed: -19
SPL initial stack usage: 13408 bytes
###### PUMA SPL board init ######
Trying to boot from eth device
eth1: ethernet@8000000port@2
ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
link up on port 2, speed 100, full duplex
BOOTP broadcast 1
BOOTP broadcast 2
BOOTP broadcast 3
DHCP client bound to address 192.168.1.13 (1266 ms)
Using ethernet@8000000port@2 device
TFTP from server 192.168.1.11; our IP address is 192.168.1.13
Filename 'tispl.bin'.
Load address: 0x82000000
Loading: #################################################################
         #################################################################
         ########################################
         439.5 KiB/s
done
Bytes transferred = 869115 (d42fb hex)
Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices

Thanks

BR

Jakub

  • Hello Jakub,
    One reference on tiboot3.bin/u-boot vs device type (GP/HS-FS/HS-SE).
    software-dl.ti.com/.../Foundational_Components_Migration_Guide.html
    Best,
    -Hong

  • Hello Hong

    Thanks for the link to the guide. I also found a class in meta-ti that seems to be responsible for signing images:

    meta-ti-bsp/classes/uboot-sign-legacyhs.bbclass

    Based on the class description I generated RSA keys and added the following lines to my u-boot bbappend recipe:

    UBOOT_SIGN_KEYDIR = "${WORKDIR}/keys"
    UBOOT_SIGN_KEYNAME = "dev"
    UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
    UBOOT_SIGN_ENABLE = "1"

    And in the kernel bbappend recipe:

    KERNEL_CLASSES = " kernel-fitimage "
    KERNEL_IMAGETYPE = "fitImage"

    Compilation throws an error:

    |   GEN     Makefile
    |   CALL    /home/dm/jg-test-image/yocto-linux/build/tmp/work-shared/puma-k3r5/kernel-source/scripts/atomic/check-atomics.sh
    |   CALL    /home/dm/jg-test-image/yocto-linux/build/tmp/work-shared/puma-k3r5/kernel-source/scripts/checksyscalls.sh
    |   CHK     include/generated/compile.h
    |   GEN     .version
    |   CHK     include/generated/compile.h
    |   LD      vmlinux.o
    |   MODPOST vmlinux.symvers
    |   MODINFO modules.builtin.modinfo
    |   GEN     modules.builtin
    |   LD      .tmp_vmlinux.kallsyms1
    | arm-poky-linux-gnueabi-ld.bfd: drivers/memory/pl353-smc.o: in function `pl353_smc_driver_init':
    | pl353-smc.c:(.init.text+0x8): undefined reference to `amba_driver_register'
    | arm-poky-linux-gnueabi-ld.bfd: drivers/memory/pl353-smc.o: in function `pl353_smc_driver_exit':
    | pl353-smc.c:(.exit.text+0x8): undefined reference to `amba_driver_unregister'
    | make[1]: *** [/home/dm/jg-test-image/yocto-linux/build/tmp/work-shared/puma-k3r5/kernel-source/Makefile:1189: vmlinux] Error 1
    | make: *** [/home/dm/jg-test-image/yocto-linux/build/tmp/work-shared/puma-k3r5/kernel-source/Makefile:185: __sub-make] Error 2
    | ERROR: oe_runmake failed

    Looks like some undefined reference to the functions amba_driver_register and amba_driver_unregister. I checked menuconfig for the kernel and the option CONFIG_ARM_AMBA is set to y, so this error is really confusing.

    Also, during the build process I get a warning:

    Failure while adding public key to u-boot binary. Verified boot won't be available

    Why? I have provided dev.key and dev.cert in ${WORKDIR}/keys.

    Can you help me with those problems?

    Thanks

    BR

    Jakub

  • Hello Jakub,
    I'll loop in my colleague on your follow-up question on Yocto recipe.
    Best,
    -Hong

  • Looks like you are running on a GP device. If so trying to sign those artifacts may make those warnings go away, but then other warnings will get shown, see the below section from the respective U-Boot source:

    security.c-     if (get_device_type() == K3_DEVICE_TYPE_GP) {
    security.c:             if (ti_secure_cert_detected(*p_image)) {
    security.c-                     printf("Warning: Detected image signing certificate on GP device. "
    security.c-                            "Skipping certificate to prevent boot failure. "
    security.c-                            "This will fail if the image was also encrypted\n");
    security.c-
    security.c-                     cert_length = ti_secure_cert_length(*p_image);
    security.c-                     if (cert_length > *p_size) {
    security.c-                             printf("Invalid signing certificate size\n");
    security.c-                             return;
    security.c-                     }
    security.c-
    security.c-                     *p_image += cert_length;
    security.c-                     *p_size -= cert_length;
    security.c-             }
    security.c-
    security.c-             return;
    security.c-     }
    security.c-
    security.c-     if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
    security.c:         !ti_secure_cert_detected(*p_image)) {
    security.c-             printf("Warning: Did not detect image signing certificate. "
    security.c-                    "Skipping authentication to prevent boot failure. "
    security.c-                    "This will fail on Security Enforcing(HS-SE) devices\n");
    security.c-             return;
    security.c-     }
    

    If you are using GP devices temporarily, it'll be best to just ignore the U-Boot warning message you got. Ultimately any product should probably use HS-FS (or HS-SE devices), in both cases the signing is taken care of by the Yocto recipes of recent v8.x SDKs, and no warning message will be shown by U-Boot.

    Regards, Andreas

  • Hello Andreas

    Which recipes take care of the signing? How to specify custom keys using those recipes? So what is the purpose of this recipe: meta-ti-bsp/classes/uboot-sign-legacyhs.bbclass

    I have patched the security.c file, adding some additional printf statements, and it looks like the warning "Did not detect image signing certificate..." is not caused by the GP device type. Our board seems to be HS-FS based on the logs that were printed on the terminal.

    It looks like static bool ti_secure_cert_detected(void *p_image) returns 0, which means a certificate was not detected on the image. So I renew my question: How to specify a custom certificate and add it to the image using Yocto? You claim that it should happen automatically by Yocto recipes, but it seems not.

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    Resetting on cold boot to workaround ErrataID:i2331
    resetting ...

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    esm main init failed: -19
    esm mcu init failed: -19
    SPL initial stack usage: 13408 bytes
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    BOOTP broadcast 3
    BOOTP broadcast 4
    DHCP client bound to address 192.168.1.13 (1766 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.11; our IP address is 192.168.1.13
    Filename 'tispl.bin'.
    Load address: 0x82000000
    Loading: #################################################################
    #################################################################
    #####################################################
    460 KiB/s
    done
    Bytes transferred = 935371 (e45cb hex)
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 1
    Authentication passed
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 0
    <custom> device type: HS_SE
    Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 1
    Authentication passed
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 1
    Authentication passed
    init_env from device 4 not supported!
    Starting ATF on ARM64 core...

    NOTICE: BL31: v2.8(release):v2.8-226-g2fcd408bb3-dirty
    NOTICE: BL31: Built : 00:42:57, Jan 13 2023
    I/TC:
    I/TC: OP-TEE version: 3.20.0 (gcc version 11.3.0 (GCC)) #1 Fri Jan 20 15:42:54 UTC 2023 aarch64
    I/TC: WARNING: This OP-TEE configuration might be insecure!
    I/TC: WARNING: Please check optee.readthedocs.io/.../porting_guidelines.html
    I/TC: Primary CPU initializing
    I/TC: SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    I/TC: HUK Initialized
    I/TC: Activated SA2UL device
    I/TC: Enabled firewalls for SA2UL TRNG device
    I/TC: SA2UL TRNG initialized
    I/TC: SA2UL Drivers initialized
    I/TC: Primary CPU switching to normal world boot

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    BOOTP broadcast 3
    DHCP client bound to address 192.168.1.13 (760 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.11; our IP address is 192.168.1.13
    Filename 'u-boot.img'.
    Load address: 0x82000000
    Loading: #################################################################
    #################################################################
    #################################################################
    ################################
    316.4 KiB/s
    done
    Bytes transferred = 1159075 (11afa3 hex)
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 1
    Authentication passed
    <custom> get_device_type() = 4
    <custom> ti_secure_cert_detected(*p_image) true or false? 1
    Authentication passed


    U-Boot 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)

    SoC: AM64X SR2.0 HS-FS
    Model: Texas Instruments AM642 EVM
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    DRAM: 1 GiB
    NAND: 0 MiB
    MMC: mmc@fa10000: 0, mmc@fa00000: 1
    Loading Environment from FAT... *** Warning - bad CRC, using default environment

    In: serial@2800000
    Out: serial@2800000
    Err: serial@2800000
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    <setup_board_eeprom_env> invalid_eeprom error!
    U-BOOT DETECTED ETH BOOT DEVICE!!!
    Net: eth1: ethernet@8000000port@2
    Hit any key to stop autoboot: 0
    =>

    BR

    Jakub

  • Hi Jakub,

    thanks for providing this additional background. I had a bit closer look, it seems like there are different issues at play here. I also noticed that the path you were pointing to (meta-ti-bsp/classes/uboot-sign-legacyhs.bbclass) is a reference to our Kirkstone development branch that is not officially supported yet (but will be in a few months), however essentially that same file resides in the current Dunfell-based SDKs at meta-arago/meta-arago-distro/classes/uboot-sign.bbclass. I would recommend sticking to the Dunfell-based branches until Kirkstone has been promoted to production for the time being.

    Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices

    Those warnings are emitted when U-Boot detects a specific binary artifact is missing the certificate required for the TI device-based (via public ROM key, and TIFS firmware) authentication process. If you search through the Yocto trees these artifacts get signed using an invocation of  ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh from various recipes. The location of this script and the private keys that are used are made known to the Yocto build by defining the TI_SECURE_DEV_PKG_K3 environmental variable, pointing to the secure development package TI provides (note that there's a re-assignment of TI_SECURE_DEV_PKG = "${TI_SECURE_DEV_PKG_K3}" happening inside meta-ti/conf/machine/include/*, so don't let that confuse you. TI_SECURE_DEV_PKG_K3 is what needs to be defined on the outside/shell-level). Please also see here https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1223948/processor-sdk-am62x-yocto-build-for-am62x-evm/4621670#4621670  If you set this up correctly you should not get those U-Boot warning messages any longer.

    So what is the purpose of this recipe:meta-ti-bsp/classes/uboot-sign-legacyhs.bbclass

    The main purpose of this seems to be to support U-Boot's own verified boot process (https://github.com/u-boot/u-boot/blob/master/doc/uImage.FIT/verified-boot.txt), which is an additional layer of security. This scheme is activated by setting UBOOT_SIGN_ENABLE to '1' but this doesn't appear to be used in current TI SDKs. What it would do is also help against "mix and match" attacks by allowing the FIT configuration section to be included in an additional verification and signature step. Also see here for a related post: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1213395/am64x-question-about-fit-image-signature/4598510#4598510  If you must get that U-Boot verified boot feature to work I can experiment with this some, but it is not yet supported as part of the SDK so I'll be limited on how much time/effort I could spend on this.

    Regards, Andreas

  • Hi Jakub,

    I got a chance to discuss this with the developers some more, and our upcoming Kirkstone-based SDKs will support the signing/authentication of the FIT images and configuration nodes the Yocto/U-Boot way, meaning using an UBOOT_SIGN_ENABLE = "1" approach. This is currently under active development and there are several tradeoffs that need to be considered from an ease-of-use and FW-update point of view. I'd expect this to be shaken out and available in the  public TI Kirkstone trees in a few weeks. For now you should be using the existing basic approach where the individual image artifacts are signed using secure-binary-image.sh all going back to the TI device specific authentication approach.

    Regards, Andreas

  • Hi Andreas

    Thank you for the comprehensive answer.

    Regarding this U-Boot warning:

    Those warnings are emitted when U-Boot detects a specific binary artifact is missing the certificate required for the TI device-based (via public ROM key, and TIFS firmware) authentication process. If you search through the Yocto trees these artifacts get signed using an invocation of  ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh from various recipes. The location of this script and the private keys that are used are made known to the Yocto build by defining the TI_SECURE_DEV_PKG_K3 environmental variable, pointing to the secure development package TI provides (note that there's a re-assignment of TI_SECURE_DEV_PKG = "${TI_SECURE_DEV_PKG_K3}" happening inside meta-ti/conf/machine/include/*, so don't let that confuse you. TI_SECURE_DEV_PKG_K3 is what needs to be defined on the outside/shell-level)

    1. I downloaded the master branch of core-secdev-k3 (from here https://git.ti.com/cgit/security-development-tools/core-secdev-k3)

    2. I set the TI_SECURE_DEV_PKG_K3 variable in the shell based on information from here (https://software-dl.ti.com/processor-sdk-linux/esd/AM64X/08_06_00_42/exports/docs/linux/Foundational_Components/U-Boot/UG-General-Info.html)

     export TI_SECURE_DEV_PKG_K3=`pwd`/core-secdev-k3

    I also added a Python anonymous function to the u-boot.bbappend recipe that prints this variable (just to be sure that the variable is set correctly)

    python() {
        TA = d.getVar('TI_SECURE_DEV_PKG_K3',True)
        bb.warn("TI_SECURE_DEV_PKG_K3: %s" % TA)
    }

    Looks like it is.

    3. I built the image and copied tispl.bin, tiboot3.bin and u-boot to my tftp folder in order to boot the board via Ethernet (using fitImage)

    4. Logs from boot are below. Looks like nothing changed... There is still one warning. Why are there three "Authentication passed" messages and one warning? I assume those messages correspond to authentication of tispl.bin, tiboot3.bin. But what are the third and fourth messages for?

    Have I missed some step?

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    Resetting on cold boot to workaround ErrataID:i2331
    resetting ...

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    esm main init failed: -19
    esm mcu init failed: -19
    SPL initial stack usage: 13408 bytes
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    BOOTP broadcast 3
    DHCP client bound to address 192.168.1.19 (1264 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.14; our IP address is 192.168.1.19
    Filename 'tispl.bin'.
    Load address: 0x82000000
    Loading: #################################################################
    #################################################################
    #####################################################
    416 KiB/s
    done
    Bytes transferred = 934923 (e440b hex)
    Authentication passed
    Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
    Authentication passed
    Authentication passed
    init_env from device 4 not supported!
    Starting ATF on ARM64 core...

    NOTICE: BL31: v2.8(release):v2.8-226-g2fcd408bb3-dirty
    NOTICE: BL31: Built : 00:42:57, Jan 13 2023
    I/TC:
    I/TC: OP-TEE version: 3.20.0 (gcc version 11.3.0 (GCC)) #1 Fri Jan 20 15:42:54 UTC 2023 aarch64
    I/TC: WARNING: This OP-TEE configuration might be insecure!
    I/TC: WARNING: Please check optee.readthedocs.io/.../porting_guidelines.html
    I/TC: Primary CPU initializing
    I/TC: SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    I/TC: HUK Initialized
    I/TC: Activated SA2UL device
    I/TC: Enabled firewalls for SA2UL TRNG device
    I/TC: SA2UL TRNG initialized
    I/TC: SA2UL Drivers initialized
    I/TC: Primary CPU switching to normal world boot

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    DHCP client bound to address 192.168.1.19 (258 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.14; our IP address is 192.168.1.19
    Filename 'u-boot.img'.
    Load address: 0x82000000
    Loading: ############T #####################################################
    #################################################################
    #################################################################
    ################################
    126 KiB/s
    done
    Bytes transferred = 1158619 (11addb hex)
    Authentication passed
    Authentication passed


    U-Boot 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)

    SoC: AM64X SR2.0 HS-FS
    Model: Texas Instruments AM642 EVM
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    DRAM: 1 GiB
    NAND: 0 MiB
    MMC: mmc@fa10000: 0, mmc@fa00000: 1
    Loading Environment from FAT... OK
    In: serial@2800000
    Out: serial@2800000
    Err: serial@2800000
    EEPROM not available at 80, trying to read at 81
    Reading on-board EEPROM at 0x51 failed -1
    <setup_board_eeprom_env> invalid_eeprom error!
    U-BOOT DETECTED ETH BOOT DEVICE!!!
    Net: eth1: ethernet@8000000port@2
    Hit any key to stop autoboot: 0

  • Logs from boot are below. Looks like nothing changed... There is still one warning.

    I would disagree, compared to your original log this looks actually good, there are additional "authentication passed" messages, and (almost) no complaints about missing certificates. So you are mostly there!

    4. Logs from boot are below. Looks like nothing changed... There is still one warning. Why are there three "Authentication passed" messages and one warning? I assume those messages correspond to authentication of tispl.bin, tiboot3.bin. But what are the third and fourth messages for?

    A lot of the boot blobs such as tispl.bin are actually FIT images (or to be more correct, ITBs, which stands for Image Tree Blobs), containing a number of individual binary images. What is being authenticated and what the messages are about is each of those images within tispl.bin for example.

    You can decode and inspect the contents of tispl.bin like this (example). Same approach works for u-boot.img:

    a0797059@dasso:~/tftpboot
    $ dtc -I dtb tispl-am64x.bin -O dts | cut -c -80
    /dts-v1/;
    
    / {
            timestamp = <0x642f1f96>;
            description = "Configuration to load ATF and SPL";
            #address-cells = <0x01>;
    
            images {
    
                    atf {
                            data = [30 82 06 6d 30 82 04 55 a0 03 02 01 02 02 14 6f 51 28 ff 40 84 72 32
                            description = "ARM Trusted Firmware";
                            type = "firmware";
                            arch = "arm64";
                            compression = "none";
                            os = "arm-trusted-firmware";
                            load = <0x701c0000>;
                            entry = <0x701c0000>;
                    };
    
                    tee {
                            data = [30 82 06 6d 30 82 04 55 a0 03 02 01 02 02 14 46 0e 6e 04 40 70 52 9e
                            description = "OPTEE";
                            type = "tee";
                            arch = "arm64";
                            compression = "none";
                            os = "tee";
                            load = <0x9e800000>;
                            entry = <0x9e800000>;
                    };
    
                    dm {
                            data;
                            description = "DM binary";
                            type = "firmware";
                            arch = "arm32";
                            compression = "none";
                            os = "DM";
                            load = <0x89000000>;
                            entry = <0x89000000>;
                    };
    
                    spl {
                            data = <0x3082068c 0x30820474 0xa0030201 0x2021407 0xe2380e90 0xb2a90abb 0x16
                            description = "SPL (64-bit)";
                            type = "standalone";
                            os = "U-Boot";
                            arch = "arm64";
                            compression = "none";
                            load = <0x80080000>;
                            entry = <0x80080000>;
                    };
    
                    fdt-1 {
                            data = <0x3082068b 0x30820473 0xa0030201 0x2021436 0x49e2ed2a 0x82a8a33c 0xce
                            description = "k3-am642-evm";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };
    
                    fdt-2 {
                            data = <0x3082068b 0x30820473 0xa0030201 0x2021438 0x88050683 0x5100ac7d 0x93
                            description = "k3-am642-sk";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };
    
                    fdt-3 {
                            data = [30 82 06 8b 30 82 04 73 a0 03 02 01 02 02 14 6d 15 b7 6b 7b e2 04 1c
                            description = "k3-am642-evm-nand overlay";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };
            };
    
            configurations {
                    default = "conf-1";
    
                    conf-1 {
                            description = "k3-am642-evm";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-1";
                    };
    
                    conf-2 {
                            description = "k3-am642-sk";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-2";
                    };
    
                    conf-3 {
                            description = "k3-am642-evm-nand";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-1\0fdt-3";
                    };
            };
    };

    Bytes transferred = 934923 (e440b hex)
    Authentication passed
    Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
    Authentication passed
    Authentication passed
    init_env from device 4 not supported!
    Starting ATF on ARM64 core...

    You can track down which artifact is missing the signing certificate by turning on debug prints as shown below. And then correlate the image size/address with the dump of tispl.bin shown above.

    a0797059@dasso:~/git/u-boot (ti-u-boot-2021.01)
    $ git diff
    diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
    index 092588f4b5..5ede615de6 100644
    --- a/arch/arm/mach-k3/security.c
    +++ b/arch/arm/mach-k3/security.c
    @@ -6,6 +6,8 @@
      *     Andrew F. Davis <afd@ti.com>
      */
    
    +#define DEBUG
    +
     #include <asm/io.h>
     #include <common.h>
     #include <cpu_func.h>
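
    Review bot: the `#define DEBUG` added above the first `#include` in arch/arm/mach-k3/security.c is an unguarded, file-wide diagnostic switch, so it should stay a local change and not be carried into a product build. Its position ahead of the includes is needed, because the debug() macro is resolved when the headers are read; remove the two added lines again once the image without a certificate has been identified.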

    With the debug prints enabled you'll get "Authenticating image at address..." and "Authenticating image of size..." messages in your boot log. Let me know which image is affected, and we can then figure out how to get it signed.

    Regards, Andreas
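
A host-side way to do the same correlation without rebuilding U-Boot, as an added example that is not from the thread or from TI's tools: it walks a FIT blob and reports, per image node, whether the `data` starts with the DER pattern `30 82 .. .. 30 82` seen at the start of the signed nodes in the dumps. The helper names, the prefix heuristic (it is not U-Boot's `ti_secure_cert_detected()`), and the sample blob are assumptions; only inline `data` properties are handled.

```python
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9


def _pad4(n):
    return (n + 3) & ~3


def parse_fdt(blob):
    """Return {node_path: {property_name: raw_bytes}} for a flattened device tree."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a complete FDT/FIT blob")
    nodes, path, pos = {}, [], off_struct
    while True:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == FDT_BEGIN_NODE:
            end = blob.index(b"\0", pos)          # node name is NUL-terminated
            path.append(blob[pos:end].decode())
            nodes["/".join(path) or "/"] = {}
            pos = _pad4(end + 1)
        elif token == FDT_END_NODE:
            path.pop()
        elif token == FDT_PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            start = off_strings + nameoff
            name = blob[start:blob.index(b"\0", start)].decode()
            nodes["/".join(path) or "/"][name] = blob[pos + 8:pos + 8 + length]
            pos = _pad4(pos + 8 + length)
        elif token == FDT_END:
            return nodes
        elif token != FDT_NOP:
            raise ValueError("bad FDT token %#x at offset %#x" % (token, pos - 4))


def has_der_cert_prefix(data):
    """Assumed heuristic: outer and inner DER SEQUENCE, each with a 2-byte length."""
    if len(data) < 8 or data[0:2] != b"\x30\x82" or data[4:6] != b"\x30\x82":
        return False
    # The outer SEQUENCE (4-byte header + body) must fit inside the image data.
    return int.from_bytes(data[2:4], "big") + 4 <= len(data)


def audit_fit(blob):
    """Map each /images/<name> node to 'cert', 'no-cert' or 'empty'."""
    report = {}
    for path, props in parse_fdt(blob).items():
        parts = path.split("/")
        if len(parts) == 3 and parts[1] == "images":
            data = props.get("data", b"")
            if not data:
                report[parts[2]] = "empty"
            else:
                report[parts[2]] = "cert" if has_der_cert_prefix(data) else "no-cert"
    return report


def build_fit(images):
    """Build a minimal FIT-shaped FDT from {name: data}; used only for the sample."""
    strings = b"data\0description\0"              # name offsets: data=0, description=5

    def begin(name):
        raw = name.encode() + b"\0"
        return struct.pack(">I", FDT_BEGIN_NODE) + raw.ljust(_pad4(len(raw)), b"\0")

    def prop(nameoff, value):
        head = struct.pack(">3I", FDT_PROP, len(value), nameoff)
        return head + value.ljust(_pad4(len(value)), b"\0")

    end = struct.pack(">I", FDT_END_NODE)
    body = begin("") + prop(5, b"Constructed sample\0") + begin("images")
    for name, data in images.items():
        body += begin(name) + prop(0, data) + end
    body += end + end + struct.pack(">I", FDT_END)
    off_struct = 40 + 16                          # header + empty reservation map
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, 40, 17, 16, 0, len(strings), len(body))
    return header + bytes(16) + body + strings


# Constructed sample: the leading bytes mirror the first words visible in the
# dumps in this thread; everything after them is zero padding.
_CERT = bytes.fromhex("3082068c30820474a0030201") + bytes(0x68C)
_RAW = bytes.fromhex("f30300aaf40302aac07f0010") + bytes(64)
SAMPLE_FIT = build_fit({"atf": _CERT, "tee": _RAW, "dm": b"", "spl": _CERT})

if __name__ == "__main__":
    for image, state in audit_fit(SAMPLE_FIT).items():
        print("%-4s %s" % (image, state))
```

On a real build, pass the bytes of `tispl.bin` or `u-boot.img` to `audit_fit`. A `cert` result shows only that a certificate is prepended, not that it verifies against the keys the device trusts.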

  • Hello Andreas 

    Thanks for the hints. I did as you said. I had to modify security.c to make the address values display correctly. There is some problem with displaying 64-bit values, as you can see in the logs below. I split image_addr into two 32-bit parts and then displayed them.

    It's actually hard to tell which part of the image is causing this warning based on the "decompiled" tispl.bin blob. Addresses and blob sizes do not fit any information in the "decompiled" tispl.bin. But this OPTEE warning "WARNING: This OP-TEE configuration might be insecure" makes me wonder if the optee part of the fitImage is not signed.

    Do you see anything more "suspicious" that could potentially be the root cause of this warning? Is there any other method to determine which part of the tispl fitImage is causing the problem?

    BR 

    Jakub

    /dts-v1/;

    / {
            timestamp = <0x63f55a45>;
            description = "Configuration to load ATF and SPL";
            #address-cells = <0x01>;

            images {

                    atf {
                            data = <0x3082068c 0x30820474 0xa0030201 0x2021402 0xd3229848 0x5bcac1b1 0xff
                            description = "ARM Trusted Firmware";
                            type = "firmware";
                            arch = "arm64";
                            compression = "none";
                            os = "arm-trusted-firmware";
                            load = <0x701c0000>;
                            entry = <0x701c0000>;
                    };

                    tee {
                            data = <0xf30300aa 0xf40302aa 0xc07f0010 0xc018d5 0xdf3f03d5 0x1038d5 0x74b2
                            description = "OPTEE";
                            type = "tee";
                            arch = "arm64";
                            compression = "none";
                            os = "tee";
                            load = <0x9e800000>;
                            entry = <0x9e800000>;
                    };

                    dm {
                            data;
                            description = "DM binary";
                            type = "firmware";
                            arch = "arm32";
                            compression = "none";
                            os = "DM";
                            load = <0x89000000>;
                            entry = <0x89000000>;
                    };

                    spl {
                            data = <0x3082068c 0x30820474 0xa0030201 0x2021407 0xb872e487 0xf57c1804 0x7e
                            description = "SPL (64-bit)";
                            type = "standalone";
                            os = "U-Boot";
                            arch = "arm64";
                            compression = "none";
                            load = <0x80080000>;
                            entry = <0x80080000>;
                    };

                    fdt-1 {
                            data = [30 82 06 8b 30 82 04 73 a0 03 02 01 02 02 14 1a 09 68 cf 3c 1f f5 0f
                            description = "k3-am642-evm";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };

                    fdt-2 {
                            data = <0x3082068b 0x30820473 0xa0030201 0x202143e 0x608e9e06 0x63277e03 0xa4
                            description = "k3-am642-sk";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };

                    fdt-3 {
                            data = [30 82 06 8b 30 82 04 73 a0 03 02 01 02 02 14 3d 33 c4 8f dd c6 cf b2
                            description = "k3-am642-evm-nand overlay";
                            type = "flat_dt";
                            arch = "arm";
                            compression = "none";
                    };
            };

            configurations {
                    default = "conf-1";

                    conf-1 {
                            description = "k3-am642-evm";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-1";
                    };

                    conf-2 {
                            description = "k3-am642-sk";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-2";
                    };

                    conf-3 {
                            description = "k3-am642-evm-nand";
                            firmware = "atf";
                            loadables = "tee\0dm\0spl";
                            fdt = "fdt-1\0fdt-3";
                    };
            };
    };

    Logs from booting process:

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    Reading on-board EEPROM at 0x51 failed -1
    Resetting on cold boot to workaround ErrataID:i2331
    resetting ...

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    esm main init failed: -19
    esm mcu init failed: -19
    SPL initial stack usage: 13408 bytes
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    BOOTP broadcast 3
    BOOTP broadcast 4
    BOOTP broadcast 5
    DHCP client bound to address 192.168.1.19 (7884 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.14; our IP address is 192.168.1.19
    Filename 'tispl.bin'.
    Load address: 0x82000000
    Loading: #################################################################
    #################################################################
    #####################################################
    477.5 KiB/s
    done
    Bytes transferred = 936523 (e4a4b hex)
    Authenticating image at address 0x00000000 | 0x8071b630
    Authenticating image at address 0x0000000000000000x
    Authenticating image of size 49832 bytes
    Authentication passed
    Warning: Did not detect image signing certificate. Skipping authentication to prevent boot failure. This will fail on Security Enforcing(HS-SE) devices
    Authenticating image at address 0x00000000 | 0x80794344
    Authenticating image at address 0x0000000000000000x
    Authenticating image of size 401944 bytes
    Authentication passed
    Authenticating image at address 0x00000000 | 0x807f6608
    Authenticating image at address 0x0000000000000000x
    Authenticating image of size 17399 bytes
    Authentication passed
    init_env from device 4 not supported!
    Starting ATF on ARM64 core...

    NOTICE: BL31: v2.8(release):v2.8-226-g2fcd408bb3-dirty
    NOTICE: BL31: Built : 00:42:57, Jan 13 2023
    I/TC:
    I/TC: OP-TEE version: 3.20.0 (gcc version 11.3.0 (GCC)) #1 Fri Jan 20 15:42:54 UTC 2023 aarch64
    I/TC: WARNING: This OP-TEE configuration might be insecure!
    I/TC: WARNING: Please check optee.readthedocs.io/.../porting_guidelines.html
    I/TC: Primary CPU initializing
    I/TC: SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    I/TC: HUK Initialized
    I/TC: Activated SA2UL device
    I/TC: Enabled firewalls for SA2UL TRNG device
    I/TC: SA2UL TRNG initialized
    I/TC: SA2UL Drivers initialized
    I/TC: Primary CPU switching to normal world boot

    U-Boot SPL 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)
    EEPROM not available at 80, trying to read at 81
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    Reading on-board EEPROM at 0x51 failed -1
    SYSFW ABI: 3.1 (firmware rev 0x0008 '8.6.4--v08.06.04 (Chill Capybar')
    ###### PUMA SPL board init ######
    Trying to boot from eth device
    eth1: ethernet@8000000port@2
    ethernet@8000000port@2 Waiting for PHY auto negotiation to complete...... done
    link up on port 2, speed 100, full duplex
    BOOTP broadcast 1
    BOOTP broadcast 2
    DHCP client bound to address 192.168.1.19 (260 ms)
    Using ethernet@8000000port@2 device
    TFTP from server 192.168.1.14; our IP address is 192.168.1.19
    Filename 'u-boot.img'.
    Load address: 0x82000000
    Loading: #################################################################
    #################################################################
    #################################################################
    ########################################
    315.4 KiB/s
    done
    Bytes transferred = 1201191 (125427 hex)
    Authenticating image at address 0x00000000 | 0x806dac68
    Authenticating image at address 0x0000000000000000x
    Authenticating image of size 1124104 bytes
    Authentication passed
    Authenticating image at address 0x00000000 | 0x807ed444
    Authenticating image at address 0x0000000000000000x
    Authenticating image of size 35999 bytes
    Authentication passed


    U-Boot 2021.01-g4a2944651e (Feb 21 2023 - 23:56:53 +0000)

    SoC: AM64X SR2.0 HS-FS
    Model: Texas Instruments AM642 EVM
    EEPROM not available at 80, trying to read at 81
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    Reading on-board EEPROM at 0x51 failed -1
    DRAM: 1 GiB
    NAND: 0 MiB
    MMC: mmc@fa10000: 0, mmc@fa00000: 1
    Loading Environment from FAT... OK
    In: serial@2800000
    Out: serial@2800000
    Err: serial@2800000
    am65_cpsw_nuss ethernet@8000000: K3 CPSW: nuss_ver: 0x6BA00903 cpsw_ver: 0x6BA80903 ale_ver: 0x00294104 Ports:2 mdio_freq:1000000
    EEPROM not available at 80, trying to read at 81
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    <i2c_setup_offset> chip addr: 51
    Reading on-board EEPROM at 0x51 failed -1
    <setup_board_eeprom_env> invalid_eeprom error!
    U-BOOT DETECTED ETH BOOT DEVICE!!!
    Net: eth1: ethernet@8000000port@2
    Hit any key to stop autoboot: 0
    =>
    =>

  • Hello Andreas

    I figured out the issue - it was caused by OPTEE. In our Yocto project we are using a custom machine. I have added a .bbappend recipe, optee-os_3.16%.bbappend:

    do_compile:append:puma() {
        optee_sign_k3hs
    }
    
     

    And now every blob is authenticated correctly. 

    Thanks for the help :)
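The dump earlier in the thread already shows which blob triggers the warning: the `atf`, `spl` and `fdt-*` data begin with `30 82`, the DER header of an X.509 certificate, while `tee` begins with raw AArch64 code. The following check is an added example, not part of the thread or of TI's tooling. It assumes a signed blob starts with such a certificate, and `classify_images` and `leading_bytes` are hypothetical names.

```python
import re

# Constructed sample: node names and leading data values copied from the dump
# above, cut short the same way the page cuts them.
FIT_DUMP = """
/ {
    images {
        atf {
            data = <0x3082068c 0x30820474 0xa0030201 0x2021402
        };
        tee {
            data = <0xf30300aa 0xf40302aa 0xc07f0010
        };
        dm {
            data;
        };
        fdt-1 {
            data = [30 82 06 8b 30 82 04 73
        };
    };
};
"""

NODE_OPEN = re.compile(r"^\s*(/|[\w@,.+-]+)\s*\{\s*$")
DATA_PROP = re.compile(r"^\s*data\s*(?:;|=\s*([<\[])\s*([0-9a-fA-Fx ]*))")

def leading_bytes(kind, body):
    """First four bytes of a dtc-style value: <cells> are 32-bit big-endian."""
    tokens = body.split()
    if kind == "<":
        return int(tokens[0], 16).to_bytes(4, "big") if tokens else b""
    return bytes(int(t, 16) for t in tokens[:4])

def classify_images(dump):
    """Map each node under images to 'certificate', 'no certificate' or 'empty'."""
    stack, result = [], {}
    for line in dump.splitlines():
        node, prop = NODE_OPEN.match(line), DATA_PROP.match(line)
        if node:
            stack.append(node.group(1))
        elif line.strip() == "};" and stack:
            stack.pop()
        elif prop and len(stack) >= 2 and stack[-2] == "images":
            head = leading_bytes(prop.group(1), prop.group(2)) if prop.group(1) else b""
            # Heuristic: DER SEQUENCE (0x30) with a two-byte length (0x82) shows a
            # certificate is present, not that its signature is valid.
            result[stack[-1]] = ("empty" if not head else
                                 "certificate" if head[:2] == b"\x30\x82" else
                                 "no certificate")
    return result
```

Run against a text dump of `tispl.bin` or `u-boot.img`, any node reported as `no certificate` is one the SPL would skip authenticating with the warning shown in the logs.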