i.MX 95 AHAB with U-BOOT#
This notebook describes how to build a bootable AHAB image with ELE firmware and imx-boot bootloader, and how to use NXPELE app.
Note: This guide was updated for silicon revision B0 that uses AHAB container version 2. If silicon revision is A0 or A1, change it in the config files
1. Prerequisites#
SPSDK is needed with examples extension.
pip install spsdk[examples](Please refer to the installation documentation.)This demo was tested with i.MX 95 EVK board with LPDDR5 memory and B0 chip revision.
1.1 Images preparation#
to create resulting binary containing AHAB containers, we need to prepare the binaries
in this section we reproduce the process which is done by the
imx-mkimagetoolObtain all the necessary binaries and put them into inputs directory
1.2 U-Boot#
In order to use the nxpele app, U-Boot must be built with AHAB support. CONFIG_AHAB_BOOT=y If you want to use the nxpele over fastboot, also multiplexing of console output to fastboot must be enabled by setting CONFIG_CONSOLE_MUX=y.
1.3 Requirements#
Prepare YOCTO build and copy files into the inputs directory.
Primary image container set:
ELE firmware
lpddr5 or lpddr4 firmware files with OEI firmware
CM33 OEI TCM
CM33 System manager image
U-Boot SPL
[Optional] M7 application image
Secondary image container set
bl31.bin binary (ARM Trusted Firmware)
U-Boot (built with AHAB support)
TEE binary
2. Bootable image#
The imx-boot image consists of two container sets. The first container set is loaded to OCRAM using the SDPS and SDPV protocol supported by ROM. This set contains the U-Boot SPL binary, ELE firmware, System manager and training data for the DDR controller. The second container set contains the full U-Boot and ATF image and is loaded to DDR by U-Boot SPL.
2.1 Bootable image template#
You can generate the template using the nxpimage bootable-image get-templates command. This will generate all possible templates for building the imx-boot image. You can also use the --template parameter to generate only a specific template folder (possible options can be listed with the command nxpimage bootable-image list-templates).
The following command generates the template folder:
nxpimage bootable-image get-templates -f mimx9596 -t imx_boot_flash_all -o bootable_image_templates
2.2 Exporting of the imx-boot image#
The imx-boot image can be exported using the nxpimage bootable-image export command:
nxpimage bootable-image export -c bootable_image_templates/bootable_image.yaml
3. Exporting of the imx-boot image#
# Let's create a template folder for our EVK board
VERBOSITY = "-v"
FAMILY = "mimx9596"
TEMPLATE_FOLDER = "workspace/bootable_image_template"
BOOTABLE_IMAGE_CONFIG = TEMPLATE_FOLDER + "/bootable_image.yaml"
BOOTABLE_IMAGE = TEMPLATE_FOLDER + "/bootable_image.bin"
%! nxpimage $VERBOSITY bootable-image get-templates -f $FAMILY -t imx_boot_flash_all -b imx95-19x19-lpddr5-evk -o $TEMPLATE_FOLDER --force
nxpimage -v bootable-image get-templates -f mimx9596 -t imx_boot_flash_all -b imx95-19x19-lpddr5-evk -o workspace/bootable_image_template --force
Creating input directory: inputs
Template 'imx_boot_flash_all' generated successfully!
Description: Complete imx-bootloader image
Board: imx95-19x19-lpddr5-evk
Input directory: inputs
Generated files in workspace/bootable_image_template:
- spl.yaml
- uboot.yaml
- bootable_image.yaml
To create the bootable image, run:
nxpimage bootable-image export -c workspace/bootable_image_template/bootable_image.yaml
# Now move your binaries to the generated input folder and check if the names in the configs match the file names
%! nxpimage bootable-image export -c $BOOTABLE_IMAGE_CONFIG
nxpimage bootable-image export -c workspace/bootable_image_template/bootable_image.yaml
Success. (Bootable Image: workspace/bootable_image_template/bootable_image.bin created)
4. Image download#
First we put the iMX95 board into serial downloader mode (1001), and use nxpuuu to upload the bootable-image.bin containing U-Boot and other firmware.
%! nxpuuu $VERBOSITY write -f mimx9596 -b emmc $BOOTABLE_IMAGE
nxpuuu -v write -f mimx9596 -b emmc workspace/bootable_image_template/bootable_image.bin
SDPS: boot -f workspace/bootable_image_template/bootable_image.bin
SDPV: write -f workspace/bootable_image_template/bootable_image.bin -skipspl
SDPV: jump
Success
5. NXPELE#
Now change the boot mode to Cortex-M EMMC 1010 and reset the board. Find the serial port that belongs to U-Boot console and interrupt the boot. When the console is switched to U-Boot menu, we can use the nxpele tool to communicate with the ELE.
%! nxpele -f mimx9596 -p com244 -d uboot_serial get-info
nxpele -f mimx9596 -p com244 -d uboot_serial get-info
ELE get info ends successfully:
Command: 0xda
Version: 3
Length: 256
SoC ID: MX95 - 0x9500
SoC version: B000
Life Cycle: OEM_OPEN - 0x0010
SSSM state: 4
Attest API version: 0
UUID: f42b00351ce84cc29685689681dab20e
SHA256 ROM PATCH: 72d02b666a524aca0a3162accb4c8de7af33083fc2faefb249d87c7de1437c81
SHA256 FW: 065165a3ed9dc3a6a5243d32a7fb57c9b50cfd29fa18ca0f2aed18f5d7fb7038
Advanced information:
OEM SRKH: 0000000000000000000000000000000000000000000000000000000000000000
CSAL state: EdgeLock secure enclave random context initialization succeed - 0x02
TRNG state: TRNG entropy is valid and ready to be read - 0x03
OEM PQC SRKH: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
%! nxpele -f mimx9596 -p com244 -d uboot_serial generate-keyblob DEK -a AES_CBC --key-id 0 --key 00000000000000000000000000000000 --key-size 128
nxpele -f mimx9596 -p com244 -d uboot_serial generate-keyblob DEK -a AES_CBC --key-id 0 --key 00000000000000000000000000000000 --key-size 128
ELE generate DEK key blob ends successfully:
00480081011003008050b7a31704626e9140150222cc2d35d3fe7bd04c436dff19a8fb62103a495110bca27312da786c4515ef79cf0908d41cb9b43b3c3dc6430b4ce2f722878fa8