Commit 4f6bc59ff94de150611d82b45365d24d356f30ef
Committed by
Ye Li
1 parent
66f05532d5
Exists in
smarc_8mm-imx_v2019.04_4.19.35_1.1.0
and in
1 other branch
MLK-20935-2 doc: imx: ahab: Include ahab_close command
Since commit 771b824728ca ("MLK-20919 imx8: ahab: Add command to close the chip") the U-Boot is able to move the lifecycle from NXP closed to OEM closed. Update AHAB guides to use U-Boot ahab_close command instead of SCFW CLI. As the procedure is now independent of SCFW terminal we can remove this condition from documentation. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 6f93d877e1454024f666a4810d24148cf595429e)
Showing 2 changed files with 17 additions and 27 deletions Side-by-side Diff
doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt
... | ... | @@ -27,8 +27,7 @@ |
27 | 27 | - SECO firmware downloaded. |
28 | 28 | - U-Boot downloaded and built. Please check section 1.2. |
29 | 29 | - ARM Trusted Firmware (ATF) downloaded and built for your target. |
30 | -- System Controller Firmware (SCFW) downloaded and built for your board | |
31 | - with debug monitor enabled. | |
30 | +- System Controller Firmware (SCFW). | |
32 | 31 | - Kernel image. |
33 | 32 | |
34 | 33 | You should also have downloaded the Code Signing Tool, available on NXP |
35 | 34 | |
... | ... | @@ -198,12 +197,8 @@ |
198 | 197 | $ sudo dd if=flash.signed.bin of=/dev/sdX bs=1k seek=32 ; sync |
199 | 198 | |
200 | 199 | Then insert the SD Card into the board and plug your device to your computer |
201 | -with an USB serial cable. When you power on the board, you should have two | |
202 | -serial consoles: one for U-Boot, another one for SCFW. | |
200 | +with an USB serial cable. | |
203 | 201 | |
204 | -Please note that SCU console may be replaced by the M4 console. In case the M4 | |
205 | -image is needed, a base board will be required to access the SCU console. | |
206 | - | |
207 | 202 | 1.5.4 Programming SRK Hash |
208 | 203 | --------------------------- |
209 | 204 | |
210 | 205 | |
211 | 206 | |
212 | 207 | |
213 | 208 | |
... | ... | @@ -297,17 +292,17 @@ |
297 | 292 | |
298 | 293 | After the device successfully boots a signed image without generating any |
299 | 294 | SECO security events, it is safe to close the device. The SECO lifecycle |
300 | -should be changed from 32 (0x20) NXP open to 128 (0x80) OEM closed. Be | |
301 | -aware this step can damage your board if a previous step failed. It is | |
302 | -also irreversible. Run on the SCFW terminal: | |
295 | +should be changed from 0x20 NXP closed to 0x80 OEM closed. Be aware this | |
296 | +step can damage your board if a previous step failed. It is also | |
297 | +irreversible. Run on the U-Boot terminal: | |
303 | 298 | |
304 | - >$ seco lifecycle 16 | |
299 | + => ahab_close | |
305 | 300 | |
306 | -Now reboot the target, and on the same terminal, run: | |
301 | +Now reboot the target, and run: | |
307 | 302 | |
308 | - >$ seco info | |
303 | + => ahab_status | |
309 | 304 | |
310 | -The lifecycle value should now be 128 (0x80) OEM closed. | |
305 | +The lifecycle value should now be 0x80 OEM closed. | |
311 | 306 | |
312 | 307 | 2. Authenticating the OS container |
313 | 308 | ----------------------------------- |
doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt
... | ... | @@ -23,7 +23,7 @@ |
23 | 23 | - SECO Firmware. |
24 | 24 | - U-Boot proper and SPL. (Please refer to section 1.2) |
25 | 25 | - ARM Trusted Firmware (ATF). |
26 | -- System Controller Firmware (SCFW) with debug monitor enabled. | |
26 | +- System Controller Firmware (SCFW). | |
27 | 27 | - Cortex M binary. (Optional) |
28 | 28 | - Kernel image. (Optional) |
29 | 29 | - Code signing tools (CST). |
... | ... | @@ -240,11 +240,6 @@ |
240 | 240 | |
241 | 241 | $ sudo dd if=signed-flash.bin of=/dev/sd<X> bs=1k seek=32 && sync |
242 | 242 | |
243 | -For the next steps you should be able to see U-Boot and SCFW consoles in your | |
244 | -host PC. Please note that SCU console may be replaced by the M4 console, in | |
245 | -case the M4 image is needed a base board will be required to access the SCU | |
246 | -console. | |
247 | - | |
248 | 243 | 1.6 Programming SRK Hash |
249 | 244 | ------------------------- |
250 | 245 | |
251 | 246 | |
252 | 247 | |
253 | 248 | |
254 | 249 | |
... | ... | @@ -339,17 +334,17 @@ |
339 | 334 | |
340 | 335 | After the device successfully boots a signed image without generating any |
341 | 336 | SECO security events, it is safe to close the device. The SECO lifecycle |
342 | -should be changed from 32 (0x20) NXP open to 128 (0x80) OEM closed. Be | |
343 | -aware this step can damage your board if a previous step failed. It is | |
344 | -also irreversible. Run on the SCFW terminal: | |
337 | +should be changed from 0x20 NXP closed to 0x80 OEM closed. Be aware this | |
338 | +step can damage your board if a previous step failed. It is also | |
339 | +irreversible. Run on the U-Boot terminal: | |
345 | 340 | |
346 | - >$ seco lifecycle 16 | |
341 | + => ahab_close | |
347 | 342 | |
348 | -Now reboot the target, and on the same terminal, run: | |
343 | +Now reboot the target, and run: | |
349 | 344 | |
350 | - >$ seco info | |
345 | + => ahab_status | |
351 | 346 | |
352 | -The lifecycle value should now be 128 (0x80) OEM closed. | |
347 | +The lifecycle value should now be 0x80 OEM closed. | |
353 | 348 | |
354 | 349 | 2. Authenticating the OS container |
355 | 350 | ----------------------------------- |
-
mentioned in commit e43f8b
-
mentioned in commit e43f8b
-
mentioned in commit e43f8b
-
mentioned in commit e43f8b
-
mentioned in commit c03b9b
-
mentioned in commit c03b9b
-
mentioned in commit e43f8b
-
mentioned in commit c03b9b
-
mentioned in commit c03b9b
-
mentioned in commit c03b9b
-
mentioned in commit c03b9b
-
mentioned in commit 97050b