Can I access HAB error logs via JTAG?

rshipman · ‎01-09-2020

In the document: i.MX RT1020 Processor Reference Manual, Rev. 1, 12/2018

In section: 8.3.6 Boot security settings

The text refers to an error log:

"All detected errors are logged"

" the error log can be examined to determine the cause of the authentication failure."

etc.

Some questions:

1. Are they talking about these HAB API functions: hab_rvt.report_event, hab_rvt.report_status ?

2. Can we access the error logs using the JTAG (assuming JTAG mode is still fully enabled)?

3. What if the HAB security setting is closed, can we access the error logs using JTAG if jtag is still fully enabled? Or any other way? My guess is no.

Many thanks.

rshipman · ‎01-10-2020

I managed to access the HAB event logs via JTAG.

This is how I extracted the data (RT1020-EVK board, HAB closed):

In a windows command window:

I ran gdb. E.g.:

c:\nxp\MCUXpressoIDE_11.0.1_2563\ide\plugins\com.nxp.mcuxpresso.tools.win32_11.0.1.201907311258\tools\bin\arm-none-eabi-gdb.exe

Then I entered these commands:

(gdb) set remotetimeout 100000

(gdb) target extended-remote | c:/nxp/MCUXpressoIDE_11.0.1_2563/ide/plugins/com.nxp.mcuxpresso.tools.bin.win32_11.0.1.201908271452/binaries/crt_emu_cm_redlink.exe -pMIMXRT1021xxxxx -vendor=NXP -x "." -attach --args --probehandle 1

(gdb) set mem inaccessible-by-default off

(gdb) dump binary memory memdump_0x20201000_0x0B80.bin 0x20201000 0x20201B80

You probably don't need the "--probehandle 1" argument if you have only one probe connected. I was going via a LPC-LINK2 probe.

And you don't really need the "--args" argument.

So the file memdump_0x20201000_0x0B80.bin contains the contents of the HAB logs.

You can interpret this file using the following utility that comes with the CST package I downloaded (I ran this from a Ubuntu linux terminal running on windows 10):

<your path>/cst/cst-3.1.0/release/linux64/bin/hab_log_parser -b memdump_0x20201000_0x0B80.bin -o hab_log_parsed.txt

The location of the HAB event log for a particular device is found in the document:

AN12263.pdf, "HABv4 RVT Guidelines and Recommendations, Application Note, Rev. 0, 10/2018"

Section: "3. HAB Persistent Data"

Also to interpret the error events look at:

HAB4_API.pdf, "High Assurance Boot Version 4 Application Programming Interface Reference Manual"

For my case I found these sections helpful: "4.4 Events", "3.3 Check Target"

I hope this helps someone.

rshipman · ‎02-05-2020

Sorry, I forgot to mention that you need to copy in the device specific .xml files to match the crt_emu_cm_redlink.exe -p argument. E.g. from a SDK demo copy in: evkmimxrt1020_iled_blinky/Debug/MIMXRT1021xxxxx*.xml

Note that for the RT1050, extraction of the HAB error log is exactly the same as the RT1020, apart from:

You need different .xml files, e.g. copy in: evkbimxrt1050_iled_blinky/Debug/MIMXRT1052xxxxB*.xml

And you need to change the crt_emu_cm_redlink.exe -p argument to: -pMIMXRT1052xxxxB

(Although I have managed to extract the error log with the wrong .xml and -p settings so the differences between the two setups is probably not relevant to the extraction of the HAB error log. At least for the two eval boards.)

Can I access HAB error logs via JTAG?

Can I access HAB error logs via JTAG?

i.MXRT 102x