diff options
| author | Breno Lima <breno.lima@nxp.com> | 2019-02-15 16:37:56 -0200 |
|---|---|---|
| committer | Ye Li <ye.li@nxp.com> | 2020-04-26 23:26:39 -0700 |
| commit | e43f8b60fbcebee3c4fd8497ac2e52d6c31c029b (patch) | |
| tree | a087ddfa89e3d51ab510b3fd09a72b13fa55caa3 /doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt | |
| parent | bc0c0c9a7f5f8f871abfc559eaaea6bdb115b116 (diff) | |
MLK-20935-2 doc: imx: ahab: Include ahab_close command
Since commit 771b824728ca ("MLK-20919 imx8: ahab: Add command to
close the chip") the U-Boot is able to move the lifecycle from
NXP closed to OEM closed.
Update AHAB guides to use U-Boot ahab_close command instead of SCFW CLI.
As the procedure is now independent of SCFW terminal we can remove
this condition from documentation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 6f93d877e1454024f666a4810d24148cf595429e)
(cherry picked from commit 4f6bc59ff94de150611d82b45365d24d356f30ef)
Diffstat (limited to 'doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt')
| -rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt index af4e126cec..56e28d0a46 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt @@ -27,8 +27,7 @@ following: - SECO firmware downloaded. - U-Boot downloaded and built. Please check section 1.2. - ARM Trusted Firmware (ATF) downloaded and built for your target. -- System Controller Firmware (SCFW) downloaded and built for your board - with debug monitor enabled. +- System Controller Firmware (SCFW). - Kernel image. You should also have downloaded the Code Signing Tool, available on NXP @@ -198,11 +197,7 @@ Write the signed U-Boot image: $ sudo dd if=flash.signed.bin of=/dev/sdX bs=1k seek=32 ; sync Then insert the SD Card into the board and plug your device to your computer -with an USB serial cable. When you power on the board, you should have two -serial consoles: one for U-Boot, another one for SCFW. - -Please note that SCU console may be replaced by the M4 console. In case the M4 -image is needed, a base board will be required to access the SCU console. +with an USB serial cable. 1.5.4 Programming SRK Hash --------------------------- @@ -297,17 +292,17 @@ also be displayed. After the device successfully boots a signed image without generating any SECO security events, it is safe to close the device. The SECO lifecycle -should be changed from 32 (0x20) NXP open to 128 (0x80) OEM closed. Be -aware this step can damage your board if a previous step failed. It is -also irreversible. Run on the SCFW terminal: +should be changed from 0x20 NXP closed to 0x80 OEM closed. Be aware this +step can damage your board if a previous step failed. It is also +irreversible. Run on the U-Boot terminal: - >$ seco lifecycle 16 + => ahab_close -Now reboot the target, and on the same terminal, run: +Now reboot the target, and run: - >$ seco info + => ahab_status -The lifecycle value should now be 128 (0x80) OEM closed. +The lifecycle value should now be 0x80 OEM closed. 2. Authenticating the OS container ----------------------------------- |