Hi!
I'm currently developing a secure boot solution for one of our customers. Following some tutorials (including the ones provided by U-Boot itself), I've managed to get a signed version of U-Boot to execute on my iMX.8 Quad Plus.
Since I haven't programmed the fuses yet, I get a message like
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087FA00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_KEY_HASH_IND (0xFA)
SECO Event[1] = 0x0087FA00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_KEY_HASH_IND (0xFA)
sc_seco_get_event: idx: 2, res:3
when calling ahab_status from the U-Boot CLI.
Now I wonder if there's any documentation on this output and if there are any Linux user space tools to read the SECO information.
@OlegHahm
Hello,
According to the following
"For the command field (CMD), the expected value at this step is 0x87 (ID for AHAB_AUTH_CONTAINER_REQ). The indicator field (IND) shows the code AHAB_BAD_KEY_HASH_IND (0xFA) because the key hash verification does not match the current OTPs. Once the OTP SRK hash fuses are programmed on the target OTPs, the AHAB events will no longer have errors.
See the NXP secure boot application notes for more information on event decoding."
Please use section 4.3 (Verifying/Decoding SECO events) of AN12312 (Secure Boot on i.MX 8 and i.MX 8X Families using AHAB).
https://www.nxp.com/webapp/Download?colCode=AN12312
Regards,
Yuri.
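Added example (not part of the original thread, and not NXP or U-Boot code): a host-side Python parser for captured ahab_status console output that splits each SECO event word into its CMD and IND bytes and reports whether every event is the key-hash mismatch described above. The byte positions are an assumption inferred from the sample in the question (0x0087FA00 printed with CMD 0x87 and IND 0xFA); only the two code names shown in this thread are mapped, and the function names are hypothetical.

```python
import re

# Code names taken from the ahab_status output quoted in this thread; any other
# code is reported as raw hex (AN12312 section 4.3 covers event decoding).
CMD_NAMES = {0x87: "AHAB_AUTH_CONTAINER_REQ"}
IND_NAMES = {0xFA: "AHAB_BAD_KEY_HASH_IND"}
EVENT_RE = re.compile(r"SECO Event\[(\d+)\]\s*=\s*0x([0-9A-Fa-f]{8})")
LIFECYCLE_RE = re.compile(r"Lifecycle:\s*0x([0-9A-Fa-f]+),\s*(.+)")

def decode_event(word):
    """Split a 32-bit SECO event word into CMD (bits 23..16) and IND (bits 15..8).

    Assumption: field positions are inferred from the thread's sample output."""
    cmd = (word >> 16) & 0xFF
    ind = (word >> 8) & 0xFF
    return {"word": word, "cmd": cmd, "ind": ind,
            "cmd_name": CMD_NAMES.get(cmd, f"unknown (0x{cmd:02X})"),
            "ind_name": IND_NAMES.get(ind, f"unknown (0x{ind:02X})")}

def parse_ahab_status(text):
    """Return (lifecycle, events) parsed from captured ahab_status output."""
    lifecycle, events = None, []
    for line in text.splitlines():
        if (m := LIFECYCLE_RE.search(line)):
            lifecycle = (int(m.group(1), 16), m.group(2).strip())
        elif (m := EVENT_RE.search(line)):
            events.append(decode_event(int(m.group(2), 16)))
    return lifecycle, events

def only_key_hash_mismatch(events):
    """True if there are events and all of them are the container-authentication
    key-hash mismatch that the answer attributes to unprogrammed SRK hash fuses."""
    return bool(events) and all(
        e["cmd"] == 0x87 and e["ind"] == 0xFA for e in events)

# Excerpt of the console output posted in the question above.
SAMPLE = """\
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087FA00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_KEY_HASH_IND (0xFA)
SECO Event[1] = 0x0087FA00
sc_seco_get_event: idx: 2, res:3
"""

if __name__ == "__main__":
    lifecycle, events = parse_ahab_status(SAMPLE)
    print(lifecycle, events, only_key_hash_mismatch(events))
```

Run against a saved boot log, a False result from only_key_hash_mismatch on a log that does contain events means something other than the SRK hash mismatch was reported and should be looked up in AN12312.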
Thanks for the pointer, this is helpful indeed. However, I'm still wondering if there is a way to retrieve the AHAB status information from within Linux (not U-Boot). Do you have any idea?