- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Re: Capsule Update Testcase Failure in ARM SystemReady ACS for iMX93 EVK
Capsule Update Testcase Failure in ARM SystemReady ACS for iMX93 EVK
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Capsule Update Testcase Failure in ARM SystemReady ACS for iMX93 EVK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Setup Details:
Hardware:
- NXP iMX93 EVK, booting from SD card.
Software:
- U-Boot: Built with STMM (Secure Trusted Management Module) enabled, based on NXP’s meta-imx styhead branch.
- ACS Image: Deployed on USB, with CapsuleApp.efi and capsule1.bin in FS0:\acs_tests\app.
- Yocto Layer: Using meta-woden for SystemReady test environment, aligned with NXP’s iMX93 BSP.
Issue Description:
- During the ACS Capsule Update test (https://developer.arm.com/documentation/DUI1101/3-0/Test-SystemReady-Devicetree-band/Test-UpdateCaps...), I executed:
FS0:\acs_tests\app\CapsuleApp.efi FS0:\acs_tests\app\signed_capsule.bin -OD
This resulted in:
Image not authenticated
Error Status: Security Violation
Suspecting Secure Boot or STMM authentication issues, I disabled CONFIG_OPTEE=y in the U-Boot defconfig, rebuilt, and reflashed the SD card. I then ran:
FS0:\acs_tests\app\CapsuleApp.efi FS0:\acs_tests\app\capsule1.bin -OD
This produced expected ASSERT_EFI_ERROR (Status = Not Found) messages (as per ACS documentation, https://developer.arm.com/documentation/DUI1101/3-0/Test-SystemReady-Devicetree-band/Test-ESRT), followed by:
CapsuleApp: creating capsule descriptors at 0xDD494040
CapsuleApp: capsule data starts at 0xDD0E3040 with size 0x277577
CapsuleApp: capsule block/size 0xDD0E3040/0x277577
Found EFI system partition on Boot0001: usb 0
FS0:;BLK3:
Succeed to write capsule1.bin
resetting ...
The capsule was written, and the system reset, but in this case OPTEE has been disabled.
Request Details:
1. Guidance on resolving the "Security Violation" error with CONFIG_OPTEE=y and STMM enabled:
- Are there specific signing keys or UEFI variable configurations (e.g., PK/KEK/db) required for the iMX93 BSP to support capsule update with Secure Boot enabled?
- What specific configurations for Secure Boot or STMM might be required to allow capsule update to pass the ACS test?
2. Known issues or patches for Capsule Update support in iMX93 BSP:
- Any documented issues or patches related to Capsule Update handling or UEFI variable management in the iMX93 BSP?
3. Recommendations for configuring the iMX93 EVK BSP to pass the ACS Capsule Update test:
- How to ensure correct handling of capsule updates when Secure Boot is enabled.
- Recommendations for the appropriate configuration of the iMX93 BSP for successful Capsule Update tests in the ACS.
Please let me know if additional logs (e.g., ACS output, U-Boot console, ESRT table) or setup details are required.
Thank you!
#iMX93 #SystemReady
Harvey021
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @arka
I see there was already one ticket with the same problems - 00705404.
And our engineer has been already working with internal team to assist.
So, Let's have a ticket to follow up that.
Regards
Harvey
