author | Breno Lima <breno.lima@nxp.com> | 2019-02-12 14:51:12 -0200 |
---|---|---|
committer | Ye Li <ye.li@nxp.com> | 2020-04-26 23:26:39 -0700 |
commit | 0050d0c06a3daa2f50d165d124b1ba5e7ef2495c (patch) | |
tree | 8ebaa6aa41272d19672f04960df0c9aae62de60b | |
parent | a1c33706f6a3b78350817bd27a8d0f15ce52ccd9 (diff) |
MLK-20916-2: doc: imx: ahab: Update AHAB document to include ahab_status command

Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
command") the U-Boot is able to display and parse the SECO events.
Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.

Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 385ed19051a47f5858e8d326e5ee97f8a08a679d)
(cherry picked from commit 4a88ca0aecec31d0877d7a620fa796a83387a195)

-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt | 31
-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt | 33
2 files changed, 37 insertions, 27 deletions
diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt index 3cdfd75c8e..af4e126cec 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt @@ -268,24 +268,29 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs. ------------------------- If the fuses have been written properly, there should be no SECO events after -boot. To validate this, power on the board, and run the following command on -the SCFW terminal: +boot. To validate this, power on the board, and run ahab_status command on +U-Boot terminal. - >$ seco events +No events should be returned after this command: -Nothing should be returned after this command. If you get an error, please -refer to examples below: + => ahab_status + Lifecycle: 0x0020, NXP closed -0x0087EE00 = The container image is not signed. -0x0087FA00 = The container image was signed with wrong key which are not - matching the OTP SRK hashes. + No SECO Events Found! -In case your SRK fuses are not programmed yet the event 0x0087FA00 may also -be displayed. +U-Boot will decode the SECO events and provide more details on the failure, +for example in case container image was signed with wrong keys and are not +matching the OTP SRK hashes: -Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event -in open mode, in case your image does not boot after moving the lifecycle -please review your image setup. + => ahab_status + Lifecycle: 0x0020, NXP closed + + SECO Event[0] = 0x0087EE00 + CMD = AHAB_AUTH_CONTAINER_REQ (0x87) + IND = AHAB_NO_AUTHENTICATION_IND (0xEE) + +Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may +also be displayed. 1.5.6 Close the device ----------------------- diff --git a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt index f903358687..57ec140bfb 100644 
--- a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt @@ -309,25 +309,30 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs. 1.7 Verify SECO events ----------------------- -If the fuses have been written properly, there should be no SECO events -after boot. To validate this, power on the board, and run the following -command on the SCFW terminal: +If the fuses have been written properly, there should be no SECO events after +boot. To validate this, power on the board, and run ahab_status command on +U-Boot terminal. - >$ seco events +No events should be returned after this command: -Nothing should be returned after this command. If you get an error, please -refer to examples below: + => ahab_status + Lifecycle: 0x0020, NXP closed -0x0087EE00 = The container image is not signed. -0x0087FA00 = The container image was signed with wrong key which are not - matching the OTP SRK hashes. + No SECO Events Found! -In case your SRK fuses are not programmed yet the event 0x0087FA00 may also -be displayed. +U-Boot will decode the SECO events and provide more details on the failure, +for example in case container image was signed with wrong keys and are not +matching the OTP SRK hashes: -Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event -in open mode, in case your image does not boot after moving the lifecycle -please review your image setup. + => ahab_status + Lifecycle: 0x0020, NXP closed + + SECO Event[0] = 0x0087EE00 + CMD = AHAB_AUTH_CONTAINER_REQ (0x87) + IND = AHAB_NO_AUTHENTICATION_IND (0xEE) + +Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may +also be displayed. 1.8 Close the device --------------------- |
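Review bot: in doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt (hunk @@ -268,24 +268,29 @@), the added sample output does not match the sentence that introduces it. The lead-in describes the case where the container "was signed with wrong keys and are not matching the OTP SRK hashes", but the output shown is "SECO Event[0] = 0x0087EE00" with "IND = AHAB_NO_AUTHENTICATION_IND (0xEE)", which the removed lines documented as "The container image is not signed"; the removed lines gave 0x0087FA00 for the wrong-key case. Either reword the lead-in to describe an unsigned container or replace the sample with the 0x0087FA00 event, so that a reader who compares their console output with the guide diagnoses the right signing problem. The first added sentence would also read better as "run the ahab_status command on the U-Boot terminal".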
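Review bot: in doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt (hunk @@ -309,25 +309,30 @@), the closing note still cites event 0x0087FA00, but the line that explained it ("The container image was signed with wrong key which are not matching the OTP SRK hashes") is deleted, so section 1.7 no longer says what that value means. Keep a one-line meaning next to the value in the note, or present it the same way as the 0x0087EE00 sample. Separately, the commit message ties removal of the open-mode note to SECO FW v0.2.0 while the removed note named v1.1.0, and the new text states no SECO FW version at all; a sentence saying which SECO FW logs an invalid image integrity in open mode would tell readers on older firmware that "No SECO Events Found!" is not yet proof of a correctly signed image.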