MLK-20916-2: doc: imx: ahab: Update AHAB document to include ahab_status command
Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
command") the U-Boot is able to display and parse the SECO events.
Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.
Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 385ed19051a47f5858e8d326e5ee97f8a08a679d)
diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
index 3cdfd75..af4e126 100644
--- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
+++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
@@ -268,24 +268,29 @@
-------------------------
If the fuses have been written properly, there should be no SECO events after
-boot. To validate this, power on the board, and run the following command on
-the SCFW terminal:
+boot. To validate this, power on the board, and run ahab_status command on
+U-Boot terminal.
- >$ seco events
+No events should be returned after this command:
-Nothing should be returned after this command. If you get an error, please
-refer to examples below:
+ => ahab_status
+ Lifecycle: 0x0020, NXP closed
-0x0087EE00 = The container image is not signed.
-0x0087FA00 = The container image was signed with wrong key which are not
- matching the OTP SRK hashes.
+ No SECO Events Found!
-In case your SRK fuses are not programmed yet the event 0x0087FA00 may also
-be displayed.
+U-Boot will decode the SECO events and provide more details on the failure,
+for example in case container image was signed with wrong keys and are not
+matching the OTP SRK hashes:
-Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event
-in open mode, in case your image does not boot after moving the lifecycle
-please review your image setup.
+ => ahab_status
+ Lifecycle: 0x0020, NXP closed
+
+ SECO Event[0] = 0x0087EE00
+ CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
+ IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
+
+Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may
+also be displayed.
1.5.6 Close the device
-----------------------
diff --git a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
index f903358..57ec140 100644
--- a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
+++ b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
@@ -309,25 +309,30 @@
1.7 Verify SECO events
-----------------------
-If the fuses have been written properly, there should be no SECO events
-after boot. To validate this, power on the board, and run the following
-command on the SCFW terminal:
+If the fuses have been written properly, there should be no SECO events after
+boot. To validate this, power on the board, and run ahab_status command on
+U-Boot terminal.
- >$ seco events
+No events should be returned after this command:
-Nothing should be returned after this command. If you get an error, please
-refer to examples below:
+ => ahab_status
+ Lifecycle: 0x0020, NXP closed
-0x0087EE00 = The container image is not signed.
-0x0087FA00 = The container image was signed with wrong key which are not
- matching the OTP SRK hashes.
+ No SECO Events Found!
-In case your SRK fuses are not programmed yet the event 0x0087FA00 may also
-be displayed.
+U-Boot will decode the SECO events and provide more details on the failure,
+for example in case container image was signed with wrong keys and are not
+matching the OTP SRK hashes:
-Note: The SECO FW v1.1.0 is not logging an invalid image integrity as an event
-in open mode, in case your image does not boot after moving the lifecycle
-please review your image setup.
+ => ahab_status
+ Lifecycle: 0x0020, NXP closed
+
+ SECO Event[0] = 0x0087EE00
+ CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
+ IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
+
+Note: In case your SRK fuses are not programmed yet the event 0x0087FA00 may
+also be displayed.
1.8 Close the device
---------------------
