When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.

    => hab_status m4
    Secure boot disabled
    HAB Configuration: 0xf0, HAB State: 0x66
    No HAB Events Found!

Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and other HAB-related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
(cherry picked from commit 0efff16579fabcf57acb9c8857afac8fb58de355)

Starting in L4.14.78 release, the OP-TEE CAAM driver does not set the
JROWN_NS field in case LMID is locked.
We need to include the Unlock MID command in the CSF file, otherwise the
device will fail to boot in HAB closed mode.
Add section to avoid crash when OP-TEE is enabled.
Reported-by: Frank Zhang <frank.zhang@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit af03284ad38bd03ef1f0d4942842629db93d2c11)

The set_priblob_bitfield command is enabled by selecting
CONFIG_CMD_PRIBLOB.
Fix typo in mx6_mx7_encrypted_boot.txt guide.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
(cherry picked from commit 99f9696ef5f7d1c0f93b7d910e884890fca6c973)

There is no need to have an extra hab directory under doc/imx/:
- doc/imx/hab/ahab/
- doc/imx/hab/habv4/
Remove extra hab directory for a cleaner documentation structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>