In the document: i.MX RT1020 Processor Reference Manual, Rev. 1, 12/2018
In section: 8.3.6 Boot security settings
The text refers to an error log:
"All detected errors are logged"
" the error log can be examined to determine the cause of the authentication failure."
1. Are they talking about these HAB API functions: hab_rvt.report_event, hab_rvt.report_status ?
2. Can we access the error logs using the JTAG (assuming JTAG mode is still fully enabled)?
3. What if the HAB security setting is closed, can we access the error logs using JTAG if jtag is still fully enabled? Or any other way? My guess is no.
I managed to access the HAB event logs via JTAG.
This is how I extracted the data (RT1020-EVK board, HAB closed):
In a windows command window:
I ran gdb. E.g.:
Then I entered these commands:
(gdb) set remotetimeout 100000
(gdb) target extended-remote | c:/nxp/MCUXpressoIDE_11.0.1_2563/ide/plugins/com.nxp.mcuxpresso.tools.bin.win32_18.104.22.168908271452/binaries/crt_emu_cm_redlink.exe -pMIMXRT1021xxxxx -vendor=NXP -x "." -attach --args --probehandle 1
(gdb) set mem inaccessible-by-default off
(gdb) dump binary memory memdump_0x20201000_0x0B80.bin 0x20201000 0x20201B80
You probably don't need the "--probehandle 1" argument if you have only one probe connected. I was going via a LPC-LINK2 probe.
And you don't really need the "--args" argument.
So the file memdump_0x20201000_0x0B80.bin contains the contents of the HAB logs.
You can interpret this file using the following utility that comes with the CST package I downloaded (I ran this from a Ubuntu linux terminal running on windows 10):
<your path>/cst/cst-3.1.0/release/linux64/bin/hab_log_parser -b memdump_0x20201000_0x0B80.bin -o hab_log_parsed.txt
The location of the HAB event log for a particular device is found in the document:
AN12263.pdf, "HABv4 RVT Guidelines and Recommendations, Application Note, Rev. 0, 10/2018"
Section: "3. HAB Persistent Data"
Also to interpret the error events look at:
HAB4_API.pdf, "High Assurance Boot Version 4 Application Programming Interface Reference Manual"
For my case I found these sections helpful: "4.4 Events", "3.3 Check Target"
I hope this helps someone.
Sorry, I forgot to mention that you need to copy in the device specific .xml files to match the crt_emu_cm_redlink.exe -p argument. E.g. from a SDK demo copy in: evkmimxrt1020_iled_blinky/Debug/MIMXRT1021xxxxx*.xml
Note that for the RT1050, extraction of the HAB error log is exactly the same as the RT1020, apart from:
You need different .xml files, e.g. copy in: evkbimxrt1050_iled_blinky/Debug/MIMXRT1052xxxxB*.xml
And you need to change the crt_emu_cm_redlink.exe -p argument to: -pMIMXRT1052xxxxB
(Although I have managed to extract the error log with the wrong .xml and -p settings so the differences between the two setups is probably not relevant to the extraction of the HAB error log. At least for the two eval boards.)