Signed AHAB Image Generation for U-Boot and Kernel

In this notebook, we’ll demonstrate a proof-of-concept on how to:

• Generate signed AHAB U-Boot and kernel images

• Replace the unsigned AHAB U-Boot in the wic file

• Replace the unsigned kernel image with a signed version

• Boot up the system with authenticated images

1. Prerequisites

• SPSDK is needed with examples extension. pip install spsdk[examples] (Please refer to the installation documentation.)

• Download Embedded Linux for your i.MX board

• This demo was tested with i.MX93 (both QSB and EVK) and Linux 6.6.52-2.2.0

1.1 Images preparation

• to create resulting binary containing AHAB containers, we need to prepare the binaries

• in this section we reproduce the process which is done by the imx-mkimage tool as flash singleboot binary

• Obtain all the necessary binaries and put them into inputs directory

1.2 U-Boot

Read the U-Boot documentation to understand the U-Boot build process In order to enable secure boot and secure boot itself, U-Boot must be built with AHAB support. CONFIG_AHAB_BOOT=y If you want to use the nxpele over fastboot, also multiplexing of console output to fastboot must be enabled by setting CONFIG_CONSOLE_MUX=y.

As building a (signed) bootloader image for i.MX93 is already explained in examples/ahab/imx93/imx93_signed_ahab_uboot.ipynb we skip the details here.

1.3 Requirements

• lpddr4 firmware files

• u-boot binary (u-boot SPL and u-boot) built with AHAB support.

• bl31.bin binary (ARM Trusted Firmware)

• ELE firmware binary AHAB

• Kernel image

• Device tree blob (.dtb) for i.MX93 QSB board

• Bootable disk image .wic file for i.MX93 QSB board

• i.MX93 QSB board itself

from spsdk.utils.jupyter_utils import YamlDiffWidget

# This env variable sets colored logger output to STDOUT
%env JUPYTER_SPSDK=1
%alias execute echo %l && %l
%alias_magic ! execute

env: JUPYTER_SPSDK=1
Created `%!` as an alias for `%execute`.

2 Building the AHAB Images

We first build the bootloader image, then we build the Kernel image with DTB.

U_BOOT_FLASH_BOOT_CONFIG = "./inputs/imx93_signed_ahab_uboot_bimg.yaml"
U_BOOT_FLASH_BOOT = "./outputs/imx93-ahab-uboot-signed.bin"

%! nxpimage -v bootable-image export -c $U_BOOT_FLASH_BOOT_CONFIG -o $U_BOOT_FLASH_BOOT

nxpimage -v bootable-image export -c ./inputs/imx93_signed_ahab_uboot_bimg.yaml -o ./outputs/imx93-ahab-uboot-signed.bin 
INFO:spsdk.image.ahab.ahab_iae:Adding DDR memory areas into SPL image
INFO:spsdk.apps.nxpimage_apps.nxpimage_bimg:Created Bootable Image:
Name:      Bootable Image for mimx9352, Revision: a1
Starts:    0x0
Ends:      0x1563ff
Size:      Size: 1.3 MiB; 1,401,856 B
Alignment: 1 B
Execution Start Address: Not defined
Pattern:zeros
Memory type: MemoryType.SERIAL_DOWNLOADER

INFO:spsdk.apps.nxpimage_apps.nxpimage_bimg:Created Bootable Image memory map:

+==0x0000_0000= Bootable Image for mimx9352, Revision: a1 ==+
|                Size: 1.3 MiB; 1,401,856 B                 |
|         Memory type: MemoryType.SERIAL_DOWNLOADER         |
|                      Pattern: zeros                       |
|+==0x0000_0000= primary_image_container_set ==============+|
||               Size: 308.5 kiB; 315,904 B                ||
||          AHAB Image for mimx9352, Revision: a1          ||
||                     Pattern: zeros                      ||
||+==0x0000_0000= AHAB Containers ========================+||
|||                Size: 8.0 kiB; 8,192 B                 |||
|||                 AHAB Containers block                 |||
|||                    Pattern: zeros                     |||
|||+==0x0000_0000= AHAB Container 0 =====================+|||
||||                     Size: 544 B                     ||||
||||           AHAB Container for nxp_SWver:0            ||||
|||+==0x0000_021f========================================+|||
|||                      Gap: 480 B                       |||
|||+==0x0000_0400= AHAB Container 1 =====================+|||
||||                     Size: 704 B                     ||||
||||           AHAB Container for oem_SWver:0            ||||
|||+==0x0000_06bf========================================+|||
||+==0x0000_1fff==========================================+||
||+==0x0000_2000= Container 0 AHAB Data Image 0 ==========+||
|||               Size: 94.9 kiB; 97,136 B                |||
||| AHAB encrypted data block for ele core and ele Image  |||
|||                         Type.                         |||
||+==0x0001_9b6f==========================================+||
||                       Gap: 144 B                        ||
||+==0x0001_9c00= U-Boot SPL with DDR tunning images =====+||
|||              Size: 205.5 kiB; 210,432 B               |||
|||  AHAB data block for cortex-a55 core and executable   |||
|||                      Image Type.                      |||
||+==0x0004_d1ff==========================================+||
|+==0x0004_d1ff============================================+|
|                        Gap: 512 B                         |
|+==0x0004_d400= secondary_image_container_set ============+|
||               Size: 1.0 MiB; 1,085,440 B                ||
||          AHAB Image for mimx9352, Revision: a1          ||
||                     Pattern: zeros                      ||
||+==0x0004_d400= AHAB Containers ========================+||
|||                Size: 8.0 kiB; 8,192 B                 |||
|||                 AHAB Containers block                 |||
|||                    Pattern: zeros                     |||
|||+==0x0004_d400= AHAB Container 0 =====================+|||
||||                     Size: 832 B                     ||||
||||           AHAB Container for oem_SWver:0            ||||
|||+==0x0004_d73f========================================+|||
||+==0x0004_f3ff==========================================+||
||+==0x0004_f400= ATF - ARM Trusted Firmware =============+||
|||               Size: 43.5 kiB; 44,544 B                |||
|||  AHAB data block for cortex-a55 core and executable   |||
|||                      Image Type.                      |||
||+==0x0005_a1ff==========================================+||
||                       Gap: 512 B                        ||
||+==0x0005_a400= U-Boot Firmware ========================+||
|||             Size: 1008.0 kiB; 1,032,192 B             |||
|||  AHAB data block for cortex-a55 core and executable   |||
|||                      Image Type.                      |||
||+==0x0015_63ff==========================================+||
|+==0x0015_63ff============================================+|
+==0x0015_63ff==============================================+

Success. (Bootable Image: outputs/imx93-ahab-uboot-signed.bin created) 

Kernel and Device tree blob AHAB image is also very simple, and signing works in similar fashion.

KERNEL_CONTAINER_CONFIG = "./inputs/imx93_signed_ahab_kernel_dtb.yaml"
KERNEL_CONTAINER = "./outputs/os_cntr_signed.bin"
YamlDiffWidget("./inputs/imx93_signed_ahab_kernel_dtb.diffc").html

nxpimage ahab get-template -f mimx9352 -o workspace/ahab_template.yaml --force 
Creating workspace/ahab_template.yaml template file.

Configuration Differences

Show Diff Download Config

# ===========================  ahab Configuration template for mimx9352, Revision: latest.  ============================

# ======================================================================================================================
#                                                 == General Options ==                                                 
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: mimx9352
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: 
revision: latest
# -----------------------------------------===== Target memory [Optional] =====-----------------------------------------
# Description: Target memory for AHAB container
# Possible options: 
target_memory: standard Change the target memory to serial downloader
# ---------------------------------------===== Output file name [Required] =====----------------------------------------
# Description: Output AHAB file name
output: generated_ahab.bin Change the output file name
output: ../outputs/os_cntr_signed.bin
# ------------------------------===== List of containers present in AHAB [Required] =====-------------------------------
# Description: The order of containers in the list defines the order in AHAB.
containers:
  -
  # ====================================================================================================================
  #                                          == List of possible 2 options. ==                                          
  #                                        Options [binary_container, container]                                        
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -----------------------------------===== Binary AHAB container [Required] =====-----------------------------------
    # Description: Binary Container format to add to AHAB image, Typically it could be used to add ELE Firmware.
    binary_container:
      # -----------------------------===== The AHAB container binary file [Required] =====------------------------------
      # Description: The binary file that contains AHAB "my_binary_container.bin
      path: my_ahab_container.bin

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # --------------------------------------===== AHAB Container [Required] =====---------------------------------------
    # Description: Configurable Container format to add to AHAB image. This allow to configure all aspects of the AHAB
    # container.
    container:
      # --------------------------------===== Super Root Key (SRK) set [Required] =====---------------------------------
      # Description: Defines which set is used to authenticate the container.
      # Possible options: 
      srk_set: none
      srk_set: oem
      # ---------------------------------===== Used SRK [Conditionally required] =====----------------------------------
      # Description: Which key from SRK set is being used.
      used_srk_id: 0
      # -------------------------------------===== SRK revoke mask [Optional] =====-------------------------------------
      # Description: Bit-mask to indicate which SRKs to revoke. Bit set to 1 means revoke key. Bit 0 = revoke SRK_0, bit
      # 1 = revoke SRK_1 etc. Example of revocation SRK_0 and SRK_1 - the value should be 0x03
      srk_revoke_mask: '0x00'
      srk_revoke_mask: 0
      # ----------------------------------===== GDET runtime behavior [Optional] =====----------------------------------
      # Description: This option defines runtime behavior of Glitch detector. Not supported by all devices and their ELE
      # firmware.
      #  - disabled:       GDET is disabled after the first OEM container has been authenticated (default behavior)
      #  - enabled_eleapi: Automatically enable GDET during all ELE API calls
      #  - enabled:        Leave GDET enabled
      # Possible options: 
      gdet_runtime_behavior: disabled
      # --------------------------------------===== Fuse version [Optional] =====---------------------------------------
      # Description: The value must be equal or greater than the version stored in fuses to allow loading this
      # container.
      fuse_version: 0
      # ------------------------------------===== Software version [Optional] =====-------------------------------------
      # Description: Number used by Privileged Host Boot Companion (PHBC) to select between multiple images with same
      # Fuse version field.
      sw_version: 0
      signer: ./keys/RoT_key0_secp384r1.pem # [Conditionally required], AHAB container signing key, Private key used for sign the container header. Header can be signed by SRK or by image key that was signed by SRK. If an image key is used, it must be the same algorithm and key size as the SRK. In both cases, the referenced SRK must not have been revoked.
      # ----------------------------------===== AHAB container signer [Optional] =====----------------------------------
      # Description: Signature provider configuration in format 'type=;=;=' or a
      # private key used for sign the container header. Header can be signed by SRK. The referenced SRK must not have
      # been revoked.
      signer: type=file;file_path=my_prv_key.pem

      # ================================================================================================================
      #                     == Configuration of AHAB Container images (array of multiple images) ==                     
      # ================================================================================================================
      # ---------------------------------------===== Image array [Required] =====---------------------------------------
      # Description: Array of image entries.
      images:
        -
        # ==============================================================================================================
        #                                       == List of possible 7 options. ==                                       
        #   Options [SPL with optional DDR tunning images, Uboot ATF, Uboot, TEE Trusted Execution Environment, Linux   
        #                              Kernel Image, Device Tree Blob, General Image Entry]                             
        # ==============================================================================================================
        - kernel: inputs/Image
          hash_type: sha384

        - dtb: inputs/imx93-9x9-qsb.dtb
          hash_type: sha384
        #  ====== [Example of possible configuration: #0 SPL with optional DDR tunning images, erase if not used] =======
        # U-Boot SPL with optional DDR PHY tunning images
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x000000002049A000
        # image_type:                    executable
        # core_id:                       cortex-a55
        # meta_data_start_cpu_id:        2
        # hash_type:                     SHA384
          # -----------------------------===== LPDDR memory FW in 1D mode [Required] =====------------------------------
          # Description: Firmware for LPDDR4/5 memory in 1D mode.
          lpddr_imem_1d: lpddr_imem_1d.bin
          # -----------------------------===== LPDDR memory FW in 2D mode [Required] =====------------------------------
          # Description: Firmware for LPDDR4/5 memory in 2D mode.
          lpddr_imem_2d: lpddr_imem_2d.bin
          # ----------------------------===== LPDDR memory data in 1D mode [Required] =====-----------------------------
          # Description: Data for LPDDR4/5 memory in 1D mode.
          lpddr_dmem_1d: lpddr_dmem_1d.bin
          # ----------------------------===== LPDDR memory data in 2D mode [Required] =====-----------------------------
          # Description: Data for LPDDR4/5 memory in 2D mode.
          lpddr_dmem_2d: lpddr_dmem_2d.bin
          # -----------------------------------------===== SPL [Required] =====-----------------------------------------
          # Description: SPL firmware
          spl_ddr: spl.bin

      srk_table: # [Conditionally required], SRK Table, SRK (Super Root key) table definition.
        srk_array: # [Required], Super Root Key (SRK) table, Table containing the used SRK records. All SRKs must be of the same type. Supported signing algorithms are: RSASSA-PSS or ECDSA. Supported hash algorithms: sha256, sha384, sha512. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096. Certificate may be of Certificate Authority.
          - ./keys/RoT_key0_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key1_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key2_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key3_secp384r1.pem # SRK key, Path to SRK Key file.
        #  ==================== [Example of possible configuration: #1 Uboot ATF, erase if not used] ====================
        # U-Boot ATF container definition
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x00000000204E0000
        # image_type:                    executable
        # core_id:                       cortex-a55
        # meta_data_start_cpu_id:        2
        # hash_type:                     SHA384
          # -------------------------------------===== ATF binary [Required] =====--------------------------------------
          # Description: ARM Trusted Firmware binary file.
          atf: bl31.bin

        #  ====================== [Example of possible configuration: #2 Uboot, erase if not used] ======================
        # U-Boot container definition
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x0000000080200000
        # image_type:                    executable
        # core_id:                       cortex-a55
        # meta_data_start_cpu_id:        2
        # hash_type:                     SHA384
          # ------------------------------------===== U-Boot binary [Required] =====------------------------------------
          # Description: U-Boot binary file.
          uboot: u-boot.bin

        #  ======== [Example of possible configuration: #3 TEE Trusted Execution Environment, erase if not used] ========
        # A TEE (Trusted Execution Environment) is a trusted OS running in some secure environment, for example, TrustZone on ARM CPUs, or a separate secure co-processor etc. A TEE driver handles the details needed to communicate with the TEE.
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x0000000096000000
        # image_type:                    executable
        # core_id:                       cortex-a55
        # meta_data_start_cpu_id:        2
        # hash_type:                     SHA384
          # -----------------------------------------===== TEE [Required] =====-----------------------------------------
          # Description: TEE - Trusted Execution Environment binary
          tee: tee.bin

        #  =============== [Example of possible configuration: #4 Linux Kernel Image, erase if not used] ================
        # Linux kernel Image container definition
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x0000000080400000
        # image_type:                    executable
        # core_id:                       cortex-a55
        # meta_data_start_cpu_id:        2
        # hash_type:                     SHA384
          # ------------------------------===== Linux Kernel Image Binary [Required] =====------------------------------
          # Description: Linux kernel executable Image binary file (typically Image.bin)
          kernel: Image.bin Change the kernel path

        #  ================ [Example of possible configuration: #5 Device Tree Blob, erase if not used] =================
        # Device Tree Blob (DTB) container definition
        # Image array default settings. Can be overridden by definitions that are hidden in the template:
        # load_address:                  0x0000000083000000
        # entry_point:                   0x0000000000000000
        # image_type:                    data
        # core_id:                       cortex-a55
        # hash_type:                     SHA384
          # -------------------------------===== Device Tree Blob Binary [Required] =====-------------------------------
          # Description: Device Tree Blob (DTB) binary file containing hardware description
          dtb: device-tree.dtb Change the dtb path

        #  =============== [Example of possible configuration: #6 General Image Entry, erase if not used] ===============
        # General Image Entry
          # -------------------------------------===== Image path [Optional] =====--------------------------------------
          # Description: Path to image binary (absolute/relative). In case that only Image Array entry without any data
          # image is needed, Just do not use the image path. In case that the image size in container should be aligned
          # differently then SPSDK do (4 bytes for ELE images, 1 byte otherwise), there is hidden option
          # 'image_size_alignment' where could be override image size by any custom value.
          image_path: my_image.bin
          # ---------------------------===== Image offset in AHAB container [Optional] =====----------------------------
          # Description: Offset in bytes from start of container header to beginning of the image. Zero value means
          # automatic placing the image with proper alignment after previous one, this is recommended for
          # serial_downloader mode. In case of XiP type of AHAB image, the load_address and entry_point must correspond
          # to this values. Example of setting of load_address - AHAB_IMAGE_ADDRESS+IMAGE_OFFSET=LOAD_ADDRESS. The
          # Booting core images must be located after the other ones
          image_offset: 0
          # ------------------------------===== Image destination address [Required] =====------------------------------
          # Description: Address the image is written to in memory (absolute address in system memory).
          load_address: '0x1FFC_0000'
          # ----------------------------------===== Image entry point [Required] =====----------------------------------
          # Description: Image entry point (absolute address). Valid only for executable image types.
          entry_point: '0x1FFC_0000'
          # -------------------------------------===== Image type [Required] =====--------------------------------------
          # Description: Kind of image.
          # Possible options: 
          # v2x_secondary, v2x_rom_patch>
          image_type: executable
          # ---------------------------------------===== Core ID [Required] =====---------------------------------------
          # Description: Defines the core the image is dedicated for. Not all cores are supported for all families.
          # Possible options: 
          core_id: cortex-m33
          # ----------------------------------===== Image encryption [Optional] =====-----------------------------------
          # Description: Determines, whether image is encrypted or not.
          is_encrypted: false
          # -------------------------------------===== Boot flags [Optional] =====--------------------------------------
          # Description: Boot flags controlling SCFW boot.
          boot_flags: 0
          # ------------------------------------===== Start CPU ID [Optional] =====-------------------------------------
          # Description: Resource ID of CPU to be started
          meta_data_start_cpu_id: 0
          # ------------------------------===== CPU memory unit start ID [Optional] =====-------------------------------
          # Description: Resource ID of the MU associated with the CPU
          meta_data_mu_cpu_id: 0
          # ---------------------------------===== Start partition ID [Optional] =====----------------------------------
          # Description: Partition ID of the partition to start
          meta_data_start_partition_id: 0
          # ----------------------------------===== Images HASH type [Optional] =====-----------------------------------
          # Description: HASH type of image.
          # Possible options: 
          hash_type: sha512

      # ================================================================================================================
      #                                      == Configuration of AHAB SRK table ==                                      
      # ================================================================================================================
      # ---------------------------------===== SRK Table [Conditionally required] =====---------------------------------
      # Description: SRK (Super Root key) table definition.
      srk_table: Set your own srk table
        # ----------------------------------------===== CA Flag [Optional] =====----------------------------------------
        # Description: CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys. In AHAB CA Flag only
        # affects the final SRKH (Super Root Key Hash) value burned into chip fuses. It is not used in the AHAB signing
        # process itself. This option exists only for compatibility with systems where fuses are already programmed. In
        # most cases, this should remain false.
        flag_ca: false
        # ------------------------------------===== Hash Algorithm [Optional] =====-------------------------------------
        # Description: Hash algorithm used for SRK records. If not specified, default algorithm based on key type will
        # be used.
        # Possible options: 
        # shake_256_512, sm3>
        hash_algorithm: default
        # ------------------------------===== Super Root Key (SRK) table [Required] =====-------------------------------
        # Description: Table containing the used SRK records. All SRKs must be of the same type. Supported signing
        # algorithms are: RSA-PSS, ECDSA, Dilithium or SM2. Supported hash algorithms: sha256, sha384, sha512, sha3_256,
        # sha3_384, sha3_512, sm3. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096,
        # dilithium3, sm2. Certificate may be of Certificate Authority. Dilithium algorithms are supported just in new
        # type of AHAB container
        srk_array:
          - my_srk_public_key0.pub
          - my_srk_public_key1.pub
          - my_srk_public_key2.pub
          - my_srk_public_key3.pub

      # ================================================================================================================
      #         == Optional configuration of AHAB Container Encryption blob (if not used, erase the section) ==         
      # ================================================================================================================
      # -------------------------------------===== Encryption blob [Optional] =====-------------------------------------
      # Description: Encryption blob container definition
      blob: And
finally remove unused parts for AHAB Certificate and Encryption blob
        # ------------------------------------===== Key identifier [Required] =====-------------------------------------
        # Description: The key identifier that has been used to generate DEK keyblob.
        key_identifier: 0
        # -------------------------------------===== DEK key size [Required] =====--------------------------------------
        # Description: Data Encryption key size. Used for AES CBC-MAC (128/192/256 size)
        # Possible options: <128, 192, 256>
        dek_key_size: 128
        # ----------------------------------------===== DEK key [Required] =====----------------------------------------
        # Description: Data Encryption key. Used for AES CBC-MAC (128/192/256 size). The HEX format is accepted
        dek_key: my_dek_key.txt
        # --------------------------------------===== DEK keyblob [Optional] =====--------------------------------------
        # Description: Wrapped Data Encryption key. Used for AES CBC-MAC (128/192/256 size). The HEX format is accepted.
        # If NOT used, the empty keyblob is inserted into container and need to be updated later.
        dek_keyblob: my_wrapped_key.txt And finally remove unused parts for AHAB Certificate and Encryption blob

# Copyright 2025 NXP
#
# SPDX-License-Identifier: BSD-3-Clause

# ===========================  ahab Configuration template for mimx9352, Revision: latest.  ============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: mimx9352
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: 
revision: latest
# -----------------------------------------===== Target memory [Optional] =====-----------------------------------------
# Description: Target memory for AHAB container
# Possible options: 
target_memory: standard Change the target memory to serial downloader
# ---------------------------------------===== Output file name [Required] =====----------------------------------------
# Description: Output AHAB file name
output: ../outputs/os_cntr_signed.bin Change the output file name
# ------------------------------===== List of containers present in AHAB [Required] =====-------------------------------
# Description: The order of containers in the list defines the order in AHAB.
containers:
  -
  # ====================================================================================================================
  #                                          == AHAB Container Configuration ==
  # ====================================================================================================================

    # --------------------------------------===== AHAB Container [Required] =====---------------------------------------
    # Description: Configurable Container format to add to AHAB image. This allow to configure all aspects of the AHAB
    # container.
    container:
      # --------------------------------===== Super Root Key (SRK) set [Required] =====---------------------------------
      # Description: Defines which set is used to authenticate the container.
      # Possible options: 
      srk_set: oem
      # ---------------------------------===== Used SRK [Conditionally required] =====----------------------------------
      # Description: Which key from SRK set is being used.
      used_srk_id: 0
      # -------------------------------------===== SRK revoke mask [Optional] =====-------------------------------------
      # Description: Bit-mask to indicate which SRKs to revoke. Bit set to 1 means revoke key. Bit 0 = revoke SRK_0, bit
      # 1 = revoke SRK_1 etc. Example of revocation SRK_0 and SRK_1 - the value should be 0x03
      srk_revoke_mask: 0
      # --------------------------------------===== Fuse version [Optional] =====---------------------------------------
      # Description: The value must be equal or greater than the version stored in fuses to allow loading this
      # container.
      fuse_version: 0
      # ------------------------------------===== Software version [Optional] =====-------------------------------------
      # Description: Number used by Privileged Host Boot Companion (PHBC) to select between multiple images with same
      # Fuse version field.
      sw_version: 0
      signer: ./keys/RoT_key0_secp384r1.pem # [Conditionally required], AHAB container signing key, Private key used for sign the container header. Header can be signed by SRK or by image key that was signed by SRK. If an image key is used, it must be the same algorithm and key size as the SRK. In both cases, the referenced SRK must not have been revoked.
      # ================================================================================================================
      #                     == Configuration of AHAB Container images (array of multiple images) ==
      # ================================================================================================================
      # ---------------------------------------===== Image array [Required] =====---------------------------------------
      # Description: Array of image entries.
      images:
        # ===============================================================================================
        #                              == Linux Kernel Image Entry ==
        # ===============================================================================================
        - kernel: inputs/Image Change the kernel path
          hash_type: sha384

        # ===============================================================================================
        #                              == Device Tree Blob Entry ==
        # ===============================================================================================
        - dtb: inputs/imx93-9x9-qsb.dtb Change the dtb path
          hash_type: sha384

        # ----------------------------------------------------------------------------------------------------
        #                                == Configuration of AHAB SRK table ==
        # ----------------------------------------------------------------------------------------------------
      srk_table: # [Conditionally required], SRK Table, SRK (Super Root key) table definition.
        srk_array: # [Required], Super Root Key (SRK) table, Table containing the used SRK records. All SRKs must be of the same type. Supported signing algorithms are: RSASSA-PSS or ECDSA. Supported hash algorithms: sha256, sha384, sha512. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096. Certificate may be of Certificate Authority.
          - ./keys/RoT_key0_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key1_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key2_secp384r1.pub # SRK key, Path to SRK Key file.
          - ./keys/RoT_key3_secp384r1.pem # SRK key, Path to SRK Key file.

%! nxpimage -v ahab export -c $KERNEL_CONTAINER_CONFIG

nxpimage -v ahab export -c ./inputs/imx93_signed_ahab_kernel_dtb.yaml 
INFO:spsdk.apps.nxpimage_apps.nxpimage_ahab:Created AHAB Image:
Name:      AHAB Image
Starts:    0x0
Ends:      0x21f7bff
Size:      Size: 34.0 MiB; 35,617,792 B
Alignment: 512 B
Execution Start Address: Not defined
Pattern:zeros
AHAB Image for mimx9352, Revision: latest

INFO:spsdk.apps.nxpimage_apps.nxpimage_ahab:Created AHAB Image memory map:

+==0x0000_0000= AHAB Image ============+
|     Size: 34.0 MiB; 35,617,792 B     |
|  AHAB Image for mimx9352, Revision:  |
|                latest                |
|            Pattern: zeros            |
|+==0x0000_0000= AHAB Containers =====+|
||       Size: 8.0 kiB; 8,192 B       ||
||       AHAB Containers block        ||
||           Pattern: zeros           ||
||+==0x0000_0000= AHAB Container 0 ==+||
|||           Size: 832 B            |||
|||  AHAB Container for oem_SWver:0  |||
||+==0x0000_033f=====================+||
|+==0x0000_1fff=======================+|
|+==0x0000_2000= Linux Kernel Image ==+|
||    Size: 33.9 MiB; 35,564,032 B    ||
||AHAB data block for cortex-a55 core ||
||     and executable Image Type.     ||
|+==0x021e_c9ff=======================+|
|              Gap: 512 B              |
|+==0x021e_cc00= Device Tree Blob ====+|
||      Size: 44.0 kiB; 45,056 B      ||
||AHAB data block for cortex-a55 core ||
||        and data Image Type.        ||
|+==0x021f_7bff=======================+|
+==0x021f_7bff=========================+

Success. (AHAB: outputs/os_cntr_signed.bin created.)
INFO:spsdk.image.ahab.ahab_container:Generated file containing SRK hash: outputs/ahab_oem0_srk0_hash.txt
INFO:spsdk.image.ahab.ahab_container:
Fuses info:

 --== Grouped register name: SRKH ==-- 
OTP ID: 128, Value: 0xA69C79E7
OTP ID: 129, Value: 0x578B8D35
OTP ID: 130, Value: 0x5DF512B9
OTP ID: 131, Value: 0x5C13EE65
OTP ID: 132, Value: 0x2F06222F
OTP ID: 133, Value: 0xEA8799AB
OTP ID: 134, Value: 0x2A25A34B
OTP ID: 135, Value: 0x3AB3699A

INFO:spsdk.image.ahab.ahab_container:Generated script for writing fuses for container 0: outputs/ahab_oem0_srk0_hash_nxpele.bcf
Exporting AHAB fuses to the output directory.
outputs/ahab_oem0_srk0_hash.txt
outputs/ahab_oem0_srk0_hash_nxpele.bcf

3 Image Download

First we will download the WIC image onto the board, which by default comes with an unsigned bootloader and Linux kernel (amongst other things like root filesystem, software, etc.)

It is possible to replace U-Boot with a signed one in the .wic file, but the issue with that is that once we do that, the system wont boot, because the signed bootloader will also expect a signed kernel image with device tree blob.

For completeness the script below would replace the old U-Boot with the new signed one:

WIC = “./dist/imx-image-full-imx93evk.wic”

To download the WIC image onto the board we can use the SPSDK utility nxpuuu. As the WIC image often has size of several gigabytes, this process can take several minutes.

First we set our iMX93 board into serial download mode, then use the following command:

WIC = "./dist/imx-image-full-imx93evk.wic"
%! nxpuuu write -f mimx9352 -b emmc_all $WIC

nxpuuu write -f mimx9352 -b emmc_all ./dist/imx-image-full-imx93evk.wic 
SDPS: boot -scanterm -f ./dist/imx-image-full-imx93evk.wic -scanlimited 0x800000


FB: flash -raw2sparse all ./dist/imx-image-full-imx93evk.wic


Success

4 Bootloader replacement

Now that we have uploaded the .wic image onto the board, we can proceed with replacing the bootloader with the signed one, as we did not modify the .wic image.

Since we just uploaded the .wic image onto the board, we should still be in serial download mode.

Following command writes the new bootloader onto the emmc:

%! nxpuuu write -f mimx9352 -b emmc $U_BOOT_FLASH_BOOT

nxpuuu write -f mimx9352 -b emmc ./outputs/imx93-ahab-uboot-signed.bin 
SDPS: boot -f ./outputs/imx93-ahab-uboot-signed.bin


Success

5 Kernel replacement

Now that we uploaded signed bootloader, namely U-Boot which now expects a signed kernel image named os_cntr_signed.bin in the FAT partition, which is why we need to upload it.

import os

KERNEL_SIZE = hex(os.path.getsize(KERNEL_CONTAINER))
FASTBOOT_BUFFER_ADDRESS = hex(0x98000000)
MMCDEV = 0
MMCPART = 1

# We turn on the u-boot console multiplexing into terminal so that we are able to see the output
%! nxpuuu run "FB: ucmd setenv stdout serial,fastboot"
# We set fastboot buffer to a known address we have access to, in this case 0x98000000
%! nxpuuu run "FB: ucmd setenv fastboot_buffer $FASTBOOT_BUFFER_ADDRESS"
# Download the kernel
%! nxpuuu run "FB: download -f $KERNEL_CONTAINER"
# Write the kernel to FAT partition, these parameters may vary if we use SD card etc.
%! nxpuuu run "FB: ucmd fatwrite mmc $MMCDEV:$MMCPART $FASTBOOT_BUFFER_ADDRESS Image $KERNEL_SIZE"

nxpuuu run "FB: ucmd setenv stdout serial,fastboot" 
Success
nxpuuu run "FB: ucmd setenv fastboot_buffer 0x98000000" 
Success
nxpuuu run "FB: download -f ./outputs/os_cntr_signed.bin" 
Response: Starting download of 35617792 bytes
..........................................................................
..........................................................................
..........................................................................
.................................................
downloading of 35617792 bytes finished

Success
nxpuuu run "FB: ucmd fatwrite mmc 0:1 0x98000000 Image 0x21f7c00" 
Response: 35617792 bytes written in 195 ms (174.2 MiB/s)

Success

We can now delete the old unsigned kernel, note that this step is optional, but the signed bootloader should not be loading unsigned kernel by default.

%! nxpuuu -v run "FB: ucmd fatrm mmc 0:1 Image"

nxpuuu -v run "FB: ucmd fatrm mmc 0:1 Image" 
Success

We can list the fat partition and see the various device tree blobs, other binaries, and most importantly our os_cntr_signed.bin file.

%! nxpuuu -v run "FB: ucmd fatls mmc 0:1"

nxpuuu -v run "FB: ucmd fatls mmc 0:1" 
Response:  35617792   Image
    69501   imx93-11x11-evk-aud-hat.dtb
    66805   imx93-11x11-evk-boe-wxga-lvds-panel.dtb
    65761   imx93-11x11-evk-flexio-i2c.dtb
    66065   imx93-11x11-evk-flexspi-m2.dtb
    66855   imx93-11x11-evk-i2c-spi-slave.dtb
    65118   imx93-11x11-evk-i3c.dtb
     2725   imx93-11x11-evk-inmate.dtb
    51206   imx93-11x11-evk-iw612-otbr.dtb
    65418   imx93-11x11-evk-ld.dtb
    65576   imx93-11x11-evk-lpuart.dtb
    66039   imx93-11x11-evk-mqs.dtb
    68870   imx93-11x11-evk-mt9m114.dtb
    70541   imx93-11x11-evk-pmic-pf0900-aud-hat.dtb
    67845   imx93-11x11-evk-pmic-pf0900-boe-wxga-lvds-panel.dtb
    66801   imx93-11x11-evk-pmic-pf0900-flexio-i2c.dtb
    67105   imx93-11x11-evk-pmic-pf0900-flexspi-m2.dtb
    67895   imx93-11x11-evk-pmic-pf0900-i2c-spi-slave.dtb
    66158   imx93-11x11-evk-pmic-pf0900-i3c.dtb
    66458   imx93-11x11-evk-pmic-pf0900-ld.dtb
    66616   imx93-11x11-evk-pmic-pf0900-lpuart.dtb
    67079   imx93-11x11-evk-pmic-pf0900-mqs.dtb
    69910   imx93-11x11-evk-pmic-pf0900-mt9m114.dtb
    66915   imx93-11x11-evk-pmic-pf0900-rm67199.dtb
    66669   imx93-11x11-evk-pmic-pf0900-root.dtb
    67204   imx93-11x11-evk-pmic-pf0900-rpmsg-lpv.dtb
    67228   imx93-11x11-evk-pmic-pf0900-rpmsg.dtb
    66414   imx93-11x11-evk-pmic-pf0900.dtb
    65875   imx93-11x11-evk-rm67199.dtb
    65629   imx93-11x11-evk-root.dtb
    66164   imx93-11x11-evk-rpmsg-lpv.dtb
    66188   imx93-11x11-evk-rpmsg.dtb
    65374   imx93-11x11-evk.dtb
    49548   imx93-14x14-evk-aud-hat.dtb
    46985   imx93-14x14-evk-dsi-serdes.dtb
    46290   imx93-14x14-evk-flexspi-m2.dtb
    45470   imx93-14x14-evk-i3c.dtb
    46050   imx93-14x14-evk-lvds-it6263.dtb
    46474   imx93-14x14-evk-mqs.dtb
    46294   imx93-14x14-evk-rm67199.dtb
    48085   imx93-14x14-evk-sja1105.dtb
    46367   imx93-14x14-evk-tja1103.dtb
    45772   imx93-14x14-evk.dtb
    47890   imx93-9x9-qsb-aud-hat.dtb
    45350   imx93-9x9-qsb-can1.dtb
    45511   imx93-9x9-qsb-flexspi-m2.dtb
    44511   imx93-9x9-qsb-i3c.dtb
    45025   imx93-9x9-qsb-ld.dtb
    45271   imx93-9x9-qsb-lpspi-slave.dtb
    45384   imx93-9x9-qsb-lpspi.dtb
    47807   imx93-9x9-qsb-mt9m114.dtb
    45467   imx93-9x9-qsb-ontat-wvga-panel.dtb
    45364   imx93-9x9-qsb-rpmsg-lpv.dtb
    45388   imx93-9x9-qsb-rpmsg.dtb
    45555   imx93-9x9-qsb-tianma-wvga-panel.dtb
    44981   imx93-9x9-qsb.dtb
            mcore-demos/
   593744   tee.bin
  1185792   u-boot-atf-container.img
 35355200   uImage
    77661   imx93-11x11-evk-falcon.dtb
 35617792   os_cntr_signed.bin

61 file(s), 1 dir(s)


Success

6 Boot of authenticated container

Now that everything is done, we can change the boot mode to EMMC and see that the authenticated container is booting.

To check if the authenticated container is being booted, we deleted the original unsigned kernel Image.

And during the boot we should see the following message in the console:

Running BSP bootcmd ...
switch to partitions #0, OK
mmc0(part 0) is current device
Failed to load 'boot.scr'
35807506 bytes read in 132 ms (258.7 MiB/s)
Booting from mmc ...
Authenticate OS container at 0x98000000
mu receive msg wait 1s
mu receive msg wait 2s
## Flattened Device Tree blob at 83000000
   Booting using the fdt blob at 0x83000000
Working FDT set to 83000000
   Using Device Tree in place at 0000000083000000, end 000000008300dfbc
Working FDT set to 83000000

Starting kernel ...

[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x412fd050]