Secure Boot Kernel will not boot

[Yalcin Seckin]

Hi all,

i cant boot my usbarmory mk2. I entered the following commands.

###################

# hardware switch to boot from uSD Card

# compile the bootloader

make CROSS_COMPILE=arm-none-eabi- imx_signed BOOT=uSD START=5242880 PUBLIC_KEY='last line of armory-boot.pub' HAB_KEYS=/usbarmory_hab_keys

# cat armory-boot.conf

{
  "kernel": [
    "/boot/zImage-5.10.82-0-usbarmory",
    "ea61edfa46ec4f242d3914114b8f065f32c1a1dde95ea463e1ea836c977214c8"
  ],
  "dtb": [
    "/boot/imx6ulz-usbarmory-tzns-5.10.82-0.dtb",
    "1fb243d8a7d8be39a7fcf777febd3d76a9fcb0eed626f3ff5313779eef4cee65"
  ],
  "cmdline": "console=ttymxc1,115200 root=/dev/mmcblk0p1 rootwait rw"
}

# create configuration sign

signify-openbsd -S -s armory-boot.sec -m armory-boot.conf -x armory-boot.conf.sig

# MemoryMap Sector Size 1s=512 bytes
# 1s                    Protective MBR LBA0
# 2s                    Primary GUID Partition Table Header LBA1
# 3s-4143s              armory-boot-signed.imx bootloader
# 4144s-4175s           GPT Partition Entrys
# 4175s-10239s          free
# 10240s-8394751s       Partition 1, 4.0 GiB 8300  Linux filesystem

# copy the bootloader
dd if=armory-boot-signed.imx of=/dev/sda bs=512 seek=2 conv=fsync

# create GPT
gdisk /dev/sda
 x - extra functionality (experts only)
 j - move the main partition table
  4144
 m - return to main menu
 o - create a new empty GUID partition table (GPT)
 n - add a new partition
  Partition number (1-128, default 1):
  First sector (4176-10485726, default = 6144) or {+-}size{KMGTP}: 10240 (START=5242880/512)
  Last sector (6144-10485726, default = 10485726) or {+-}size{KMGTP}: +4G
  Hex code or GUID (L to show codes, Enter = 8300):
 w - write table to disk and exit
  Do you want to proceed? (Y/N): Y

# copy the root filesystem

mount /dev/sda1 /mnt/temp1

mount usbarmory-mark-two-usd-debian_bullseye-base_image-20211129.raw1 /mnt/temp2

rsync -a /mnt/temp2/* /mnt/temp1/

# copy the armory-boot.conf*

rm /mnt/temp1/boot/armory-boot-nonsecure.conf

cp armory-boot.conf armory-boot.conf.sig /mnt/temp1/boot/

umount /mnt/temp{1,2}

###################

there are two cases:

first:

 if i plug in the usbarmory after long time (feew minutes) the blue and the white LED was on.

second:

if i replug the usbarmory after short time (feew seconds) the blue and the white LED was on for some milliseconds. Then only the blue LED is on.

can someone help me and tell me what i did wrong?

thanks and

best regards

[Yalcin Seckin]

the second case occurs only sporadically

[Andrej Rosano]

Hi Yalcin,

can you please share your host machine Linux version or at least
the signify tool version.

Also, but this is not related to the issue, if you are not using TrustZone
please use the default DTB file (imx6ulz-usbarmory-default-5.10.82-0.dtb) in
your armory-boot.conf as the "tzns" one limits the available RAM.

Thanks
Andrej

> --
> You received this message because you are subscribed to the Google Groups "USB armory" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to usbarmory+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/54cda02b-9afe-48a3-b37f-b938c6ce8752n%40googlegroups.com.


--
Andrej Rosano | Hardware Security | F-Secure
www.f-secure.com - foundry.f-secure.com
BDE1 62F4 7020 1588 8046 AE02 EA17 8C32 AB56 54CE

[Yalcin Seckin]

dpkg -l       -> ii signify-openbsd 30-2

wget           -> tamago-go1.17.4.linux-armv7l.tar.gz

uname -a  -> Linux usbarmory 4.14.116-0 #1 PREEMPT Mon May 6 16:17:50 CEST 2019 armv7l GNU/Linux

in the best case, I would like to use all the features. So also with TrustZone. Is there anything else to do besides the DTB?

I followed the description in

 https://github.com/f-secure-foundry/usbarmory/wiki/Secure-boot-(Mk-II)

 and

 https://github.com/f-secure-foundry/armory-boot

[Andrej Rosano]

Hi Yalcin,

we successfully tested the signify version you are using.

Please test using by disabling the armory-boot.conf authentication, this
can be done by not specifying the PUBLIC_KEY in the make command:

1) Download the last Debian image [1] and flash it on microSD

2) Ensure you can successfully boot that image. You can test this
only if you have not already locked the secure boot on your armory.

3) on microSD rename "/boot/armory-boot-nonsecure.conf" to "/boot/armory-boot.conf"

4) Check out the master branch on armory-boot repo (commit: 5fa84fa5ff94fbe66d5743ed08f180f337057892)
and compile it:

make CROSS_COMPILE=arm-none-eabi- imx_signed BOOT=uSD START=5242880 HAB_KEYS=/path/to/hab-keys

5) Flash the bootloader:

dd if=armory-boot.imx of=/dev/sdX bs=512 seek=2 conv=fsync

Cheers
Andrej

[1] https://github.com/f-secure-foundry/usbarmory-debian-base_image/releases/download/20211129/usbarmory-mark-two-usd-debian_bullseye-base_image-20211129.raw.xz

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/5c5e6df5-1604-4a4c-ab59-c39b1303df5bn%40googlegroups.com.

[Yalcin Seckin]

Hello Andrej,

first i wish you a merry christmas!

to the 2nd point) I've tested it successfully before I did lock the secure boot.

to 3nd - 5nd) unfortunately no change in behavior. The white and blue LED is on. I assume you mean to flash armory-boot-signed.imx. I tested both.

to 5nd) I think that overwrites the GPT

gdisk -l /dev/sda

# GPT fdisk (gdisk) version 1.0.6
#
# Warning: Partition table header claims that the size of partition table
# entries is 0 bytes, but this program  supports only 128-byte entries.
# Adjusting accordingly, but partition table may be garbage.

# Caution: invalid main GPT header, but valid backup; regenerating main header
# from backup!
#
# Warning: Invalid CRC on main header data; loaded backup partition table.
# Warning! Main and backup partition tables differ! Use the 'c' and 'e' options
# on the recovery & transformation menu to examine the two tables.
#
# Warning! Main partition table CRC mismatch! Loaded backup partition table
# instead of main partition table!

# Warning! One or more CRCs don't match. You should repair the disk!
# Main header: ERROR
# Backup header: OK
# Main partition table: ERROR
# Backup partition table: OK
#
# Partition table scan:
#   MBR: MBR only
#   BSD: not present
#   APM: not present
#   GPT: damaged
#
# Found valid MBR and corrupt GPT. Which do you want to use? (Using the
# GPT MAY permit recovery of GPT data.)
 # 1 - MBR
 # 2 - GPT
 # 3 - Create blank GPT
#
 Your answer: 2
# Disk /dev/sda: 31116288 sectors, 14.8 GiB
# Model: Storage Device  
# Sector size (logical/physical): 512/512 bytes
# Disk identifier (GUID): xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx
# Partition table holds up to 128 entries
# Main partition table begins at sector 2 and ends at sector 33         <======= there is the armory-boot{-signed,}.imx
# First usable sector is 34, last usable sector is 31116254
# Partitions will be aligned on 2048-sector boundaries
# Total free space is 22727613 sectors (10.8 GiB)
#
# Number  Start (sector)    End (sector)  Size       Code  Name
#   1           10240         8398847   4.0 GiB     8300  Linux filesystem

i tried with different PartTable location (this time with 5000*512). Same result.

-rw-r--r-- 1 yalcin yalcin 2104320 25. Dez 20:33 armory-boot.imx
-rw-r--r-- 1 yalcin yalcin 2120704 25. Dez 20:38 armory-boot-signed.imx     (2120704/512=4142 sectors)

A) is there a way to write debug information on the card?

regards

[Yalcin Seckin]

code in the main.go which should make the LEDs flash is apparently not executed.

import (

...

"time"

)

usbarmory.LED("blue", false)

time.Sleep(3 * time.Second)

usbarmory.LED("blue", true)

time.Sleep(3 * time.Second)

usbarmory.LED("blue", false)

make clean

make CROSS_COMPILE=arm-none-eabi- imx_signed BOOT=uSD START=5242880 HAB_KEYS=/path/to/hab-keys

dd with seek=2

[Andrej Rosano]

On 2021-12-25 Sat, 'Yalcin Seckin' via USB armory wrote:
> Hello Andrej,
> first i wish you a merry christmas!
>
> to the 2nd point) I've tested it successfully before I did lock the secure
> boot.
> to 3nd - 5nd) unfortunately no change in behavior. The white and blue LED
> is on. I assume you mean to flash armory-boot-signed.imx. I tested both.
>
> to 5nd) I think that overwrites the GPT

There is a MBR, not GPT, on the published Debian images. This is the
gdistk output you should get:

~# gdisk -l /dev/mmcblk0
GPT fdisk (gdisk) version 1.0.8

Partition table scan:
MBR: MBR only
BSD: not present
APM: not present
GPT: not present


***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format
in memory.
***************************************************************

Disk /dev/mmcblk0: 62333952 sectors, 29.7 GiB

Sector size (logical/physical): 512/512 bytes

Disk identifier (GUID): 23FD947A-C4BF-426A-9313-BE7A41FD3A9C

Partition table holds up to 128 entries

Main partition table begins at sector 2 and ends at sector 33

First usable sector is 34, last usable sector is 62333918

Partitions will be aligned on 2048-sector boundaries

Total free space is 55176125 sectors (26.3 GiB)

Number Start (sector) End (sector) Size Code Name

1 10240 7167999 3.4 GiB 8300 Linux filesystem


Please ensure you are correctly flashing the correct Debian image.
In case you need to move the start of the first partition you need
to properly set the `START` variable when compiling armory-boot.

Cheers
Andrej

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/b7a436ca-3db4-40a6-958c-3a1332b81d10n%40googlegroups.com.

[Yalcin Seckin]

dd if=usbarmory-mark-two-usd-debian_bullseye-base_image-20211129.raw of=/dev/sda bs=4M status=progress

make CROSS_COMPILE=arm-none-eabi- imx_signed BOOT=uSD START=5242880 HAB_KEYS=/path/to/hab-keys

dd if=armory-boot-signed.imx of=/dev/sda bs=512 seek=2 conv=fsync

mount and rename armory-boot-unsecure.conf; umount; sync

unfortunately no success.

The problem is probably somewhere between the start of the hardware and the bootloader.

The beginning of the code in the main.go is not executed.

cheers

[Yalcin Seckin]

Hello Andrej,

Is there any way to salvage the device or is it bricked?

I can't remember any errors in the HAB configuration. But I'm not sure either.

:'(

Best

[Andrej Rosano]

Hi Yalcin,

for what I can tell there seems to be some HAB misconfiguration.

Did you ever test the secure boot before closing down the device in secure boot
only mode? If for some reason the SRK hash fused on the device is not the
correct one, then the device is bricked.

For further assistance regarding your unit please contact us on
usba...@f-secure.com.

Thanks
Andrej

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/6d846c16-978b-4d31-8c15-d0819e8c92b8n%40googlegroups.com.