ahab_close error

dd_neu · ‎02-27-2025

I'm getting the following error when trying to close my board. What would cause this error?

=> ahab_status
Lifecycle: 0x00000008, OEM Open


        No Events Found!
=> ahab_close
Warning: Please ensure your sample is in NXP closed state, OEM SRK hash has been fused, 
         and you are able to boot a signed image successfully without any SECO events reported.
         If not, your sample will be unrecoverable.

Really perform this operation? <y/N>
y
Error: ele_forward_lifecycle: ret -5, life_cycle 0x8, response 0xbb29
Error in forward lifecycle to OEM closed
exit not allowed from main input shell.

I also tried using nxpele with similar results.

~/src/imx-yocto-bsp-secureboot/build/tmp/deploy/images/imx8ulp-lpddr4-evk/imx-boot-tools/files$ sudo /home/ddresser/src/venv/bin/nxpele -f mimx8ulp forward-lifecycle-update -l OEM_CLOSED 
[sudo] password for ddresser:                                                                                                                                                                                     
ERROR:UUUState:Command FB:UCMD ele_message 0x80000000 0x20000 0602951708000000 failed with error code -1 (477ms since start, spsdk_uuu.py:106)                                                                    
SPSDKError: SPSDK: ELE Message failed.                                                                                                                                                                            
Command:         ELE_FWD_LIFECYCLE_UP_REQ - (0x95)                                                                                                                                                                
Command words:   2                                                                                                                                                                                                
Command data:    False                                                                                                                                                                                            
Response words:  2                                                                                                                                                                                                
Response data:   False                                                                                                                                                                                            
Response status: Failure                                                                                                                                                                                          
   Response indication: ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND - (0xbb)                                                                                                                                           
   Response abort code: 0x0

devanlec

Hi, I'm seeing the same error code when attempting to forward the lifecycle from OEM open to OEM closed on an i.MX93 from userspace.

My current sequence is:

Flash a secure boot image following the NXP security reference design with AHAB enabled and the kernel image in a signed container.
From userspace, burn in SRKH efuses using the imx-secure-enclave library
Attempt to forward the lifecycle to OEM closed now that the SRKH efuses are burned in.
At this point, I see the 0xbb29 error and I have to reboot before I can successfully forward the lifecycle.

Is there a process that would allow burning in the SRKH efuses and forwarding the lifecycle in a single boot, or is it inherently necessary to reboot between these steps (maybe to clear the ELE lifecycle events from the initial boot without the SRKH fuses burned)?

Harvey021 · ‎03-03-2025

I've replied back to you in system email.

Please let me know if you need further support.

Regards

Harvey