Apalis iMX8QM ahab_close fails due to outdated SCFW

Hi folks!

We are working on a secure industrial platform for one of our projects, based on the Apalis iMX8QM 4GB IT V1.1B.

We are building our own image using Yocto and the tdx-reference-minimal-image as a starting point, and making the changes in the recipes required for our needs.

We are at the stage where we have integrated secure boot into our build environment. We programmed the keys into the eFuses and verified that the device checks the integrity of U-Boot, which verifies the kernel’s fitImage, and everything works.

We would like to force the board to require secure boot, which should be as simple as running the ahab_close command from the U-Boot shell. This would set the iMX8QM ahab_status to OEM_CLOSED. However, there is an error with the Toradex reference image, the same one described in this NXP forum post.

Long story short, we are getting an undocumented SECO_EVENT 0x00DAF429 due to an error in the API. The NXP post states that the issue will be fixed if we use the SECO FW 3.8.1 / SCFW 2020q4_p4 available in the SCFW porting kit version 1.7.4. Unfortunately, the current tdx-reference-minimal-image contains SCFW based on the porting kit version 1.7.3, as can be seen in the Toradex Embedded Linux reference matrix.

I already checked how Yocto includes the Toradex SCFW file, so technically, I should be able to create an SCFW based on the 1.7.4 porting kit, but I’d rather wait for the reference image to arrive with the updated version due to the “small modifications” Toradex does to the SCFW.

I can see in the i.MX-System-Controller-Firmware commit history that they have been working on the 1.7.4 bump for a few months, but can anybody provide information about when the reference image will use the SCFW built with the porting kit 1.7.4?

Thanks in advance!


FYI, this issue has been solved in Toradex reference minimal image 5.5.0.