diff options
author | Breno Lima <breno.lima@nxp.com> | 2019-02-12 14:51:12 -0200 |
---|---|---|
committer | Ye Li <ye.li@nxp.com> | 2019-02-13 17:53:23 -0800 |
commit | 385ed19051a47f5858e8d326e5ee97f8a08a679d (patch) | |
tree | 167858255091a90c9563f803f73f4d7ef033edb7 /doc | |
parent | 99f9696ef5f7d1c0f93b7d910e884890fca6c973 (diff) |
MLK-20916-2: doc: imx: ahab: Update AHAB document to include ahab_status command
Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
command") the U-Boot is able to display and parse the SECO events.
Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.
Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt | 31 | ||||
-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt | 33 |
2 files changed, 37 insertions, 27 deletions
diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt index 214b40b4b2..c587a02d3a 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt @@ -268,24 +268,29 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs. ------------------------- If the fuses have been written properly, there should be no SECO events after -boot. To validate this, power on the board, and run the following command on -the SCFW terminal: +boot. To validate this, power on the board, and run ahab_status command on +U-Boot terminal. - >$ seco events +No events should be returned after this command: -Nothing should be returned after this command. If you get an error, please -refer to examples below: + => ahab_status + Lifecycle: 0x0020, NXP closed -0x0087EE00 = The container image is not signed. -0x0087FA00 = The container image was signed with wrong key which are not - matching the OTP SRK hashes. + No SECO Events Found! -In case your SRK fuses are not programmed yet the event 0x0087FA00 may also -be displayed. +U-Boot will decode the SECO events and provide more details on the failure, +for example in case container image was signed with wrong keys and are not +matching the OTP SRK hashes: -Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event -in open mode, in case your image does not boot after moving the lifecycle -please review your image setup. + => ahab_status + Lifecycle: 0x0020, NXP closed + + SECO Event[0] = 0x0087EE00 + CMD = AHAB_AUTH_CONTAINER_REQ (0x87) + IND = AHAB_NO_AUTHENTICATION_IND (0xEE) + +Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may +also be displayed. 1.5.6 Close the device ----------------------- diff --git a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt index bf4bf092d3..a22d4924e5 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt @@ -309,25 +309,30 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs. 1.7 Verify SECO events ----------------------- -If the fuses have been written properly, there should be no SECO events -after boot. To validate this, power on the board, and run the following -command on the SCFW terminal: +If the fuses have been written properly, there should be no SECO events after +boot. To validate this, power on the board, and run ahab_status command on +U-Boot terminal. - >$ seco events +No events should be returned after this command: -Nothing should be returned after this command. If you get an error, please -refer to examples below: + => ahab_status + Lifecycle: 0x0020, NXP closed -0x0087EE00 = The container image is not signed. -0x0087FA00 = The container image was signed with wrong key which are not - matching the OTP SRK hashes. + No SECO Events Found! -In case your SRK fuses are not programmed yet the event 0x0087FA00 may also -be displayed. +U-Boot will decode the SECO events and provide more details on the failure, +for example in case container image was signed with wrong keys and are not +matching the OTP SRK hashes: -Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event -in open mode, in case your image does not boot after moving the lifecycle -please review your image setup. + => ahab_status + Lifecycle: 0x0020, NXP closed + + SECO Event[0] = 0x0087EE00 + CMD = AHAB_AUTH_CONTAINER_REQ (0x87) + IND = AHAB_NO_AUTHENTICATION_IND (0xEE) + +Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may +also be displayed. 1.8 Close the device --------------------- |