MLK-20916-2: doc: imx: ahab: Update AHAB document to include ahab_status command

Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
 command") the U-Boot is able to display and parse the SECO events.

Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.

Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>

2 files changed, 37 insertions, 27 deletions

diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
index 214b40b4b2..c587a02d3a 100644
--- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
+++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
@@ -268,24 +268,29 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs.
 -------------------------
 
 If the fuses have been written properly, there should be no SECO events after
-boot. To validate this, power on the board, and run the following command on
-the SCFW terminal:
+boot. To validate this, power on the board, and run ahab_status command on
+U-Boot terminal.
 
-  >$ seco events
+No events should be returned after this command:
 
-Nothing should be returned after this command. If you get an error, please
-refer to examples below:
+  => ahab_status
+  Lifecycle: 0x0020, NXP closed
 
-0x0087EE00 = The container image is not signed.
-0x0087FA00 = The container image was signed with wrong key which are not
-             matching the OTP SRK hashes.
+  No SECO Events Found!
 
-In case your SRK fuses are not programmed yet the event 0x0087FA00 may also
-be displayed.
+U-Boot will decode the SECO events and provide more details on the failure,
+for example in case container image was signed with wrong keys and are not
+matching the OTP SRK hashes:
 
-Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event
-in open mode, in case your image does not boot after moving the lifecycle
-please review your image setup.
+  => ahab_status
+  Lifecycle: 0x0020, NXP closed
+
+  SECO Event[0] = 0x0087EE00
+          CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
+          IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
+
+Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may
+also be displayed.
 
 1.5.6 Close the device
 -----------------------
diff --git a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
index bf4bf092d3..a22d4924e5 100644
--- a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
+++ b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
@@ -309,25 +309,30 @@ The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs.
 1.7 Verify SECO events
 -----------------------
 
-If the fuses have been written properly, there should be no SECO events
-after boot. To validate this, power on the board, and run the following
-command on the SCFW terminal:
+If the fuses have been written properly, there should be no SECO events after
+boot. To validate this, power on the board, and run ahab_status command on
+U-Boot terminal.
 
-  >$ seco events
+No events should be returned after this command:
 
-Nothing should be returned after this command. If you get an error, please
-refer to examples below:
+  => ahab_status
+  Lifecycle: 0x0020, NXP closed
 
-0x0087EE00 = The container image is not signed.
-0x0087FA00 = The container image was signed with wrong key which are not
-             matching the OTP SRK hashes.
+  No SECO Events Found!
 
-In case your SRK fuses are not programmed yet the event 0x0087FA00 may also
-be displayed.
+U-Boot will decode the SECO events and provide more details on the failure,
+for example in case container image was signed with wrong keys and are not
+matching the OTP SRK hashes:
 
-Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event
-in open mode, in case your image does not boot after moving the lifecycle
-please review your image setup.
+  => ahab_status
+  Lifecycle: 0x0020, NXP closed
+
+  SECO Event[0] = 0x0087EE00
+          CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
+          IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
+
+Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may
+also be displayed.
 
 1.8 Close the device
 ---------------------