diff options
author | Breno Lima <breno.lima@nxp.com> | 2019-02-15 16:37:56 -0200 |
---|---|---|
committer | Ye Li <ye.li@nxp.com> | 2019-02-25 21:52:26 -0800 |
commit | 6f93d877e1454024f666a4810d24148cf595429e (patch) | |
tree | 5964f63e76d1db796798b02b03e9305ea4652d3c /doc | |
parent | af03284ad38bd03ef1f0d4942842629db93d2c11 (diff) |
MLK-20935-2 doc: imx: ahab: Include ahab_close command
Since commit 771b824728ca ("MLK-20919 imx8: ahab: Add command to
close the chip") the U-Boot is able to move the lifecycle from
NXP closed to OEM closed.
Update AHAB guides to use U-Boot ahab_close command instead of SCFW CLI.
As the procedure is now independent of SCFW terminal we can remove
this condition from documentation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt | 23 | ||||
-rw-r--r-- | doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt | 21 |
2 files changed, 17 insertions, 27 deletions
diff --git a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt index c587a02d3a..14fb2d68af 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_secure_boot.txt @@ -27,8 +27,7 @@ following: - SECO firmware downloaded. - U-Boot downloaded and built. Please check section 1.2. - ARM Trusted Firmware (ATF) downloaded and built for your target. -- System Controller Firmware (SCFW) downloaded and built for your board - with debug monitor enabled. +- System Controller Firmware (SCFW). - Kernel image. You should also have downloaded the Code Signing Tool, available on NXP @@ -198,11 +197,7 @@ Write the signed U-Boot image: $ sudo dd if=flash.signed.bin of=/dev/sdX bs=1k seek=32 ; sync Then insert the SD Card into the board and plug your device to your computer -with an USB serial cable. When you power on the board, you should have two -serial consoles: one for U-Boot, another one for SCFW. - -Please note that SCU console may be replaced by the M4 console. In case the M4 -image is needed, a base board will be required to access the SCU console. +with an USB serial cable. 1.5.4 Programming SRK Hash --------------------------- @@ -297,17 +292,17 @@ also be displayed. After the device successfully boots a signed image without generating any SECO security events, it is safe to close the device. The SECO lifecycle -should be changed from 32 (0x20) NXP open to 128 (0x80) OEM closed. Be -aware this step can damage your board if a previous step failed. It is -also irreversible. Run on the SCFW terminal: +should be changed from 0x20 NXP closed to 0x80 OEM closed. Be aware this +step can damage your board if a previous step failed. It is also +irreversible. Run on the U-Boot terminal: - >$ seco lifecycle 16 + => ahab_close -Now reboot the target, and on the same terminal, run: +Now reboot the target, and run: - >$ seco info + => ahab_status -The lifecycle value should now be 128 (0x80) OEM closed. +The lifecycle value should now be 0x80 OEM closed. 2. Authenticating the OS container ----------------------------------- diff --git a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt index a22d4924e5..a3f595078d 100644 --- a/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt +++ b/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.txt @@ -23,7 +23,7 @@ for i.MX8/8x device: - SECO Firmware. - U-Boot proper and SPL. (Please refer to section 1.2) - ARM Trusted Firmware (ATF). -- System Controller Firmware (SCFW) with debug monitor enabled. +- System Controller Firmware (SCFW). - Cortex M binary. (Optional) - Kernel image. (Optional) - Code signing tools (CST). @@ -240,11 +240,6 @@ signed flash.bin image can be flashed in the device: $ sudo dd if=signed-flash.bin of=/dev/sd<X> bs=1k seek=32 && sync -For the next steps you should be able to see U-Boot and SCFW consoles in your -host PC. Please note that SCU console may be replaced by the M4 console, in -case the M4 image is needed a base board will be required to access the SCU -console. - 1.6 Programming SRK Hash ------------------------- @@ -339,17 +334,17 @@ also be displayed. After the device successfully boots a signed image without generating any SECO security events, it is safe to close the device. The SECO lifecycle -should be changed from 32 (0x20) NXP open to 128 (0x80) OEM closed. Be -aware this step can damage your board if a previous step failed. It is -also irreversible. Run on the SCFW terminal: +should be changed from 0x20 NXP closed to 0x80 OEM closed. Be aware this +step can damage your board if a previous step failed. It is also +irreversible. Run on the U-Boot terminal: - >$ seco lifecycle 16 + => ahab_close -Now reboot the target, and on the same terminal, run: +Now reboot the target, and run: - >$ seco info + => ahab_status -The lifecycle value should now be 128 (0x80) OEM closed. +The lifecycle value should now be 0x80 OEM closed. 2. Authenticating the OS container ----------------------------------- |