cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jdefields
Explorer
Explorer
1,221 Views
Registered: ‎12-02-2014

Golden Image Search - SHA 2 / SHA 3 hashing select

Jump to solution

I'm trying to get SHA-2 (or SHA-3) hash verification of UBoot SPL.  I've appended the sha256sum of 'u-boot-spl.bin' to the end of itself, and set the image attribute field to select SHA-2 hashing (image attributes set from 0x800 to 0xA00).  The image no longer boots like this.

 

Can I have some guidance for how the SHA hash verification works? 

Should the SHA2 hash be just on 'u-boot-spl.bin' or should it also take the header and/or pmufw into account? 

Are there any padding considerations at the end of u-boot-spl.bin?

 

Thanks,

 

Justin D.

0 Kudos
1 Solution

Accepted Solutions
jdefields
Explorer
Explorer
1,473 Views
Registered: ‎12-02-2014

Figured it out.  Poor/lacking documentation in the TRM/SDK.  It's actually keccak-384sum (not sha384sum) run over the PMUFW+FSBL blob and then appended to the end of that same blob.  Was able to get this applied to uboot SPL and boot correctly (or not boot if the blob and/or checksum is tampered with).

View solution in original post

4 Replies
maps-mpls
Mentor
Mentor
1,192 Views
Registered: ‎06-20-2017

Zynq or MPSoC?

 

Assuming Zynq, did you look through XAPP1175?

 

it is best to look at it in DocNav because you'll be able to download the files direct from DocNav.

*** Destination: Rapid design and development cycles *** Unappreciated answers get deleted, unappreciative OPs get put on ignored list ***
jdefields
Explorer
Explorer
1,181 Views
Registered: ‎12-02-2014

It's for a zynqmp. I'll check it out anyway though.  I also want to clarify.  This is not for secure boot.  It's just a checksum to make sure the boot binary's body has not been corrupted.

0 Kudos
jdefields
Explorer
Explorer
1,142 Views
Registered: ‎12-02-2014

BUMP, please help! 

0 Kudos
jdefields
Explorer
Explorer
1,474 Views
Registered: ‎12-02-2014

Figured it out.  Poor/lacking documentation in the TRM/SDK.  It's actually keccak-384sum (not sha384sum) run over the PMUFW+FSBL blob and then appended to the end of that same blob.  Was able to get this applied to uboot SPL and boot correctly (or not boot if the blob and/or checksum is tampered with).

View solution in original post