From: Ye Li <ye.li@nxp.com>
Date: Mon, 30 Jan 2023 10:39:52 +0000 (+0800)
Subject: imx: ahab: Move imx9 and imx8ulp AHAB support together
X-Git-Tag: baikal/mips/sdk6.2~4^2~3^2~175^2~16^2~68
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=8c7d5462a59d681547d3b2ab23c59841e0b83b92;p=uboot.git

imx: ahab: Move imx9 and imx8ulp AHAB support together

Use common file ele_ahab.c for i.MX9 and iMX8ULP AHAB support, since
both of them use same sentinel ELE APIs

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
---

diff --git a/arch/arm/include/asm/arch-imx8ulp/imx-regs.h b/arch/arm/include/asm/arch-imx8ulp/imx-regs.h
index 9a5d76e210..a038cc1df3 100644
--- a/arch/arm/include/asm/arch-imx8ulp/imx-regs.h
+++ b/arch/arm/include/asm/arch-imx8ulp/imx-regs.h
@@ -63,6 +63,8 @@
 
 #define FEC_QUIRK_ENET_MAC
 
+#define IMG_CONTAINER_BASE             (0x22010000UL)
+
 #if !(defined(__KERNEL_STRICT_NAMES) || defined(__ASSEMBLY__))
 #include <asm/types.h>
 
diff --git a/arch/arm/include/asm/arch-imx9/imx-regs.h b/arch/arm/include/asm/arch-imx9/imx-regs.h
index f575805c7d..065fd1f96d 100644
--- a/arch/arm/include/asm/arch-imx9/imx-regs.h
+++ b/arch/arm/include/asm/arch-imx9/imx-regs.h
@@ -40,6 +40,8 @@
 #define SRC_MIX_SLICE_FUNC_STAT_ISO_STAT BIT(4)
 #define SRC_MIX_SLICE_FUNC_STAT_MEM_STAT BIT(12)
 
+#define IMG_CONTAINER_BASE             (0x80000000UL)
+
 #define BCTRL_GPR_ENET_QOS_INTF_MODE_MASK        GENMASK(3, 1)
 #define BCTRL_GPR_ENET_QOS_INTF_SEL_MII          (0x0 << 1)
 #define BCTRL_GPR_ENET_QOS_INTF_SEL_RMII         (0x4 << 1)
diff --git a/arch/arm/mach-imx/Makefile b/arch/arm/mach-imx/Makefile
index 4dfc60eedc..9bcb23c4da 100644
--- a/arch/arm/mach-imx/Makefile
+++ b/arch/arm/mach-imx/Makefile
@@ -77,6 +77,10 @@ ifeq ($(CONFIG_SPL_BUILD),y)
 obj-$(CONFIG_SPL_LOAD_IMX_CONTAINER) += image-container.o parse-container.o
 endif
 
+ifeq ($(SOC),$(filter $(SOC),imx8ulp imx9))
+obj-$(CONFIG_AHAB_BOOT) += ele_ahab.o
+endif
+
 PLUGIN = board/$(BOARDDIR)/plugin
 
 ifeq ($(CONFIG_USE_IMXIMG_PLUGIN),y)
diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c
new file mode 100644
index 0000000000..da8c99b8b0
--- /dev/null
+++ b/arch/arm/mach-imx/ele_ahab.c
@@ -0,0 +1,579 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2022 NXP
+ */
+
+#include <common.h>
+#include <command.h>
+#include <errno.h>
+#include <asm/io.h>
+#include <asm/mach-imx/s400_api.h>
+#include <asm/mach-imx/sys_proto.h>
+#include <asm/arch-imx/cpu.h>
+#include <asm/arch/sys_proto.h>
+#include <asm/mach-imx/image.h>
+#include <console.h>
+#include <cpu_func.h>
+#include <asm/mach-imx/ahab.h>
+#include <asm/global_data.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#define IMG_CONTAINER_END_BASE         (IMG_CONTAINER_BASE + 0xFFFFUL)
+
+#define AHAB_MAX_EVENTS 8
+
+static char *ele_ipc_str[] = {
+	"IPC = MU RTD (0x1)\n",
+	"IPC = MU APD (0x2)\n",
+	"IPC = INVALID\n",
+	NULL
+};
+
+static char *ele_status_str[] = {
+	"STA = ELE_SUCCESS_IND (0xD6)\n",
+	"STA = ELE_FAILURE_IND (0x29)\n",
+	"STA = INVALID\n",
+	NULL
+};
+
+static char *ele_cmd_str[] = {
+	"CMD = ELE_PING_REQ (0x01)\n",
+	"CMD = ELE_FW_AUTH_REQ (0x02)\n",
+	"CMD = ELE_RESTART_RST_TIMER_REQ (0x04)\n",
+	"CMD = ELE_DUMP_DEBUG_BUFFER_REQ (0x21)\n",
+	"CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)\n",
+	"CMD = ELE_VERIFY_IMAGE_REQ (0x88)\n",
+	"CMD = ELE_RELEASE_CONTAINER_REQ (0x89)\n",
+	"CMD = ELE_WRITE_SECURE_FUSE_REQ (0x91)\n",
+	"CMD = ELE_FWD_LIFECYCLE_UP_REQ (0x95)\n",
+	"CMD = ELE_READ_FUSE_REQ (0x97)\n",
+	"CMD = ELE_GET_FW_VERSION_REQ (0x9D)\n",
+	"CMD = ELE_RET_LIFECYCLE_UP_REQ (0xA0)\n",
+	"CMD = ELE_GET_EVENTS_REQ (0xA2)\n",
+	"CMD = ELE_ENABLE_PATCH_REQ (0xC3)\n",
+	"CMD = ELE_RELEASE_RDC_REQ (0xC4)\n",
+	"CMD = ELE_GET_FW_STATUS_REQ (0xC5)\n",
+	"CMD = ELE_ENABLE_OTFAD_REQ (0xC6)\n",
+	"CMD = ELE_RESET_REQ (0xC7)\n",
+	"CMD = ELE_UPDATE_OTP_CLKDIV_REQ (0xD0)\n",
+	"CMD = ELE_POWER_DOWN_REQ (0xD1)\n",
+	"CMD = ELE_ENABLE_APC_REQ (0xD2)\n",
+	"CMD = ELE_ENABLE_RTC_REQ (0xD3)\n",
+	"CMD = ELE_DEEP_POWER_DOWN_REQ (0xD4)\n",
+	"CMD = ELE_STOP_RST_TIMER_REQ (0xD5)\n",
+	"CMD = ELE_WRITE_FUSE_REQ (0xD6)\n",
+	"CMD = ELE_RELEASE_CAAM_REQ (0xD7)\n",
+	"CMD = ELE_RESET_A35_CTX_REQ (0xD8)\n",
+	"CMD = ELE_MOVE_TO_UNSECURED_REQ (0xD9)\n",
+	"CMD = ELE_GET_INFO_REQ (0xDA)\n",
+	"CMD = ELE_ATTEST_REQ (0xDB)\n",
+	"CMD = ELE_RELEASE_PATCH_REQ (0xDC)\n",
+	"CMD = ELE_OTP_SEQ_SWITH_REQ (0xDD)\n",
+	"CMD = INVALID\n",
+	NULL
+};
+
+static char *ele_ind_str[] = {
+	"IND = ELE_ROM_PING_FAILURE_IND (0x0A)\n",
+	"IND = ELE_FW_PING_FAILURE_IND (0x1A)\n",
+	"IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)\n",
+	"IND = ELE_BAD_HASH_FAILURE_IND (0xF1)\n",
+	"IND = ELE_INVALID_LIFECYCLE_IND (0xF2)\n",
+	"IND = ELE_PERMISSION_DENIED_FAILURE_IND (0xF3)\n",
+	"IND = ELE_INVALID_MESSAGE_FAILURE_IND (0xF4)\n",
+	"IND = ELE_BAD_VALUE_FAILURE_IND (0xF5)\n",
+	"IND = ELE_BAD_FUSE_ID_FAILURE_IND (0xF6)\n",
+	"IND = ELE_BAD_CONTAINER_FAILURE_IND (0xF7)\n",
+	"IND = ELE_BAD_VERSION_FAILURE_IND (0xF8)\n",
+	"IND = ELE_INVALID_KEY_FAILURE_IND (0xF9)\n",
+	"IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)\n",
+	"IND = ELE_NO_VALID_CONTAINER_FAILURE_IND (0xFB)\n",
+	"IND = ELE_BAD_CERTIFICATE_FAILURE_IND (0xFC)\n",
+	"IND = ELE_BAD_UID_FAILURE_IND (0xFD)\n",
+	"IND = ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND (0xFE)\n",
+	"IND = ELE_MUST_SIGNED_FAILURE_IND (0xE0)\n",
+	"IND = ELE_NO_AUTHENTICATION_FAILURE_IND (0xEE)\n",
+	"IND = ELE_BAD_SRK_SET_FAILURE_IND (0xEF)\n",
+	"IND = ELE_UNALIGNED_PAYLOAD_FAILURE_IND (0xA6)\n",
+	"IND = ELE_WRONG_SIZE_FAILURE_IND (0xA7)\n",
+	"IND = ELE_ENCRYPTION_FAILURE_IND (0xA8)\n",
+	"IND = ELE_DECRYPTION_FAILURE_IND (0xA9)\n",
+	"IND = ELE_OTP_PROGFAIL_FAILURE_IND (0xAA)\n",
+	"IND = ELE_OTP_LOCKED_FAILURE_IND (0xAB)\n",
+	"IND = ELE_OTP_INVALID_IDX_FAILURE_IND (0xAD)\n",
+	"IND = ELE_TIME_OUT_FAILURE_IND (0xB0)\n",
+	"IND = ELE_BAD_PAYLOAD_FAILURE_IND (0xB1)\n",
+	"IND = ELE_WRONG_ADDRESS_FAILURE_IND (0xB4)\n",
+	"IND = ELE_DMA_FAILURE_IND (0xB5)\n",
+	"IND = ELE_DISABLED_FEATURE_FAILURE_IND (0xB6)\n",
+	"IND = ELE_MUST_ATTEST_FAILURE_IND (0xB7)\n",
+	"IND = ELE_RNG_NOT_STARTED_FAILURE_IND (0xB8)\n",
+	"IND = ELE_CRC_ERROR_IND (0xB9)\n",
+	"IND = ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND (0xBB)\n",
+	"IND = ELE_INCONSISTENT_PAR_FAILURE_IND (0xBC)\n",
+	"IND = ELE_RNG_INST_FAILURE_FAILURE_IND (0xBD)\n",
+	"IND = ELE_LOCKED_REG_FAILURE_IND (0xBE)\n",
+	"IND = ELE_BAD_ID_FAILURE_IND (0xBF)\n",
+	"IND = ELE_INVALID_OPERATION_FAILURE_IND (0xC0)\n",
+	"IND = ELE_NON_SECURE_STATE_FAILURE_IND (0xC1)\n",
+	"IND = ELE_MSG_TRUNCATED_IND (0xC2)\n",
+	"IND = ELE_BAD_IMAGE_NUM_FAILURE_IND (0xC3)\n",
+	"IND = ELE_BAD_IMAGE_ADDR_FAILURE_IND (0xC4)\n",
+	"IND = ELE_BAD_IMAGE_PARAM_FAILURE_IND (0xC5)\n",
+	"IND = ELE_BAD_IMAGE_TYPE_FAILURE_IND (0xC6)\n",
+	"IND = ELE_CORRUPTED_SRK_FAILURE_IND (0xD0)\n",
+	"IND = ELE_OUT_OF_MEMORY_IND (0xD1)\n",
+	"IND = ELE_CSTM_FAILURE_IND (0xCF)\n",
+	"IND = ELE_OLD_VERSION_FAILURE_IND (0xCE)\n",
+	"IND = ELE_WRONG_BOOT_MODE_FAILURE_IND (0xCD)\n",
+	"IND = ELE_APC_ALREADY_ENABLED_FAILURE_IND (0xCB)\n",
+	"IND = ELE_RTC_ALREADY_ENABLED_FAILURE_IND (0xCC)\n",
+	"IND = ELE_ABORT_IND (0xFF)\n",
+	"IND = INVALID\n",
+	NULL
+};
+
+static u8 ele_cmd[] = {
+	ELE_PING_REQ,
+	ELE_FW_AUTH_REQ,
+	ELE_RESTART_RST_TIMER_REQ,
+	ELE_DUMP_DEBUG_BUFFER_REQ,
+	ELE_OEM_CNTN_AUTH_REQ,
+	ELE_VERIFY_IMAGE_REQ,
+	ELE_RELEASE_CONTAINER_REQ,
+	ELE_WRITE_SECURE_FUSE_REQ,
+	ELE_FWD_LIFECYCLE_UP_REQ,
+	ELE_READ_FUSE_REQ,
+	ELE_GET_FW_VERSION_REQ,
+	ELE_RET_LIFECYCLE_UP_REQ,
+	ELE_GET_EVENTS_REQ,
+	ELE_ENABLE_PATCH_REQ,
+	ELE_RELEASE_RDC_REQ,
+	ELE_GET_FW_STATUS_REQ,
+	ELE_ENABLE_OTFAD_REQ,
+	ELE_RESET_REQ,
+	ELE_UPDATE_OTP_CLKDIV_REQ,
+	ELE_POWER_DOWN_REQ,
+	ELE_ENABLE_APC_REQ,
+	ELE_ENABLE_RTC_REQ,
+	ELE_DEEP_POWER_DOWN_REQ,
+	ELE_STOP_RST_TIMER_REQ,
+	ELE_WRITE_FUSE_REQ,
+	ELE_RELEASE_CAAM_REQ,
+	ELE_RESET_A35_CTX_REQ,
+	ELE_MOVE_TO_UNSECURED_REQ,
+	ELE_GET_INFO_REQ,
+	ELE_ATTEST_REQ,
+	ELE_RELEASE_PATCH_REQ,
+	ELE_OTP_SEQ_SWITH_REQ
+};
+
+static u8 ele_ind[] = {
+	ELE_ROM_PING_FAILURE_IND,
+	ELE_FW_PING_FAILURE_IND,
+	ELE_BAD_SIGNATURE_FAILURE_IND,
+	ELE_BAD_HASH_FAILURE_IND,
+	ELE_INVALID_LIFECYCLE_IND,
+	ELE_PERMISSION_DENIED_FAILURE_IND,
+	ELE_INVALID_MESSAGE_FAILURE_IND,
+	ELE_BAD_VALUE_FAILURE_IND,
+	ELE_BAD_FUSE_ID_FAILURE_IND,
+	ELE_BAD_CONTAINER_FAILURE_IND,
+	ELE_BAD_VERSION_FAILURE_IND,
+	ELE_INVALID_KEY_FAILURE_IND,
+	ELE_BAD_KEY_HASH_FAILURE_IND,
+	ELE_NO_VALID_CONTAINER_FAILURE_IND,
+	ELE_BAD_CERTIFICATE_FAILURE_IND,
+	ELE_BAD_UID_FAILURE_IND,
+	ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND,
+	ELE_MUST_SIGNED_FAILURE_IND,
+	ELE_NO_AUTHENTICATION_FAILURE_IND,
+	ELE_BAD_SRK_SET_FAILURE_IND,
+	ELE_UNALIGNED_PAYLOAD_FAILURE_IND,
+	ELE_WRONG_SIZE_FAILURE_IND,
+	ELE_ENCRYPTION_FAILURE_IND,
+	ELE_DECRYPTION_FAILURE_IND,
+	ELE_OTP_PROGFAIL_FAILURE_IND,
+	ELE_OTP_LOCKED_FAILURE_IND,
+	ELE_OTP_INVALID_IDX_FAILURE_IND,
+	ELE_TIME_OUT_FAILURE_IND,
+	ELE_BAD_PAYLOAD_FAILURE_IND,
+	ELE_WRONG_ADDRESS_FAILURE_IND,
+	ELE_DMA_FAILURE_IND,
+	ELE_DISABLED_FEATURE_FAILURE_IND,
+	ELE_MUST_ATTEST_FAILURE_IND,
+	ELE_RNG_NOT_STARTED_FAILURE_IND,
+	ELE_CRC_ERROR_IND,
+	ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND,
+	ELE_INCONSISTENT_PAR_FAILURE_IND,
+	ELE_RNG_INST_FAILURE_FAILURE_IND,
+	ELE_LOCKED_REG_FAILURE_IND,
+	ELE_BAD_ID_FAILURE_IND,
+	ELE_INVALID_OPERATION_FAILURE_IND,
+	ELE_NON_SECURE_STATE_FAILURE_IND,
+	ELE_MSG_TRUNCATED_IND,
+	ELE_BAD_IMAGE_NUM_FAILURE_IND,
+	ELE_BAD_IMAGE_ADDR_FAILURE_IND,
+	ELE_BAD_IMAGE_PARAM_FAILURE_IND,
+	ELE_BAD_IMAGE_TYPE_FAILURE_IND,
+	ELE_CORRUPTED_SRK_FAILURE_IND,
+	ELE_OUT_OF_MEMORY_IND,
+	ELE_CSTM_FAILURE_IND,
+	ELE_OLD_VERSION_FAILURE_IND,
+	ELE_WRONG_BOOT_MODE_FAILURE_IND,
+	ELE_APC_ALREADY_ENABLED_FAILURE_IND,
+	ELE_RTC_ALREADY_ENABLED_FAILURE_IND,
+	ELE_ABORT_IND
+};
+
+static u8 ele_ipc[] = {
+	ELE_IPC_MU_RTD,
+	ELE_IPC_MU_APD
+};
+
+static u8 ele_status[] = {
+	ELE_SUCCESS_IND,
+	ELE_FAILURE_IND
+};
+
+static inline u32 get_idx(u8 *list, u8 tgt, u32 size)
+{
+	u32 i;
+
+	for (i = 0; i < size; i++) {
+		if (list[i] == tgt)
+			return i;
+	}
+
+	return i; /* last str is invalid */
+}
+
+static void display_ahab_auth_ind(u32 event)
+{
+	u8 resp_ind = (event >> 8) & 0xff;
+
+	printf("%s\n", ele_ind_str[get_idx(ele_ind, resp_ind, ARRAY_SIZE(ele_ind))]);
+}
+
+int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
+{
+	int err;
+	u32 resp;
+
+	memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
+	       ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
+
+	flush_dcache_range(IMG_CONTAINER_BASE,
+			   IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1);
+
+	err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
+	if (err) {
+		printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
+		       err, resp);
+		display_ahab_auth_ind(resp);
+	}
+
+	return err;
+}
+
+int ahab_auth_release(void)
+{
+	int err;
+	u32 resp;
+
+	err = ahab_release_container(&resp);
+	if (err) {
+		printf("Error: release container failed, resp 0x%x!\n", resp);
+		display_ahab_auth_ind(resp);
+	}
+
+	return err;
+}
+
+int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
+{
+	int err;
+	u32 resp;
+
+	err = ahab_verify_image(image_index, &resp);
+	if (err) {
+		printf("Authenticate img %d failed, return %d, resp 0x%x\n",
+		       image_index, err, resp);
+		display_ahab_auth_ind(resp);
+
+		return -EIO;
+	}
+
+	return 0;
+}
+
+static inline bool check_in_dram(ulong addr)
+{
+	int i;
+	struct bd_info *bd = gd->bd;
+
+	for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
+		if (bd->bi_dram[i].size) {
+			if (addr >= bd->bi_dram[i].start &&
+			    addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
+				return true;
+		}
+	}
+
+	return false;
+}
+
+int authenticate_os_container(ulong addr)
+{
+	struct container_hdr *phdr;
+	int i, ret = 0;
+	int err;
+	u16 length;
+	struct boot_img_t *img;
+	unsigned long s, e;
+
+	if (addr % 4) {
+		puts("Error: Image's address is not 4 byte aligned\n");
+		return -EINVAL;
+	}
+
+	if (!check_in_dram(addr)) {
+		puts("Error: Image's address is invalid\n");
+		return -EINVAL;
+	}
+
+	phdr = (struct container_hdr *)addr;
+	if (phdr->tag != 0x87 || phdr->version != 0x0) {
+		printf("Error: Wrong container header\n");
+		return -EFAULT;
+	}
+
+	if (!phdr->num_images) {
+		printf("Error: Wrong container, no image found\n");
+		return -EFAULT;
+	}
+
+	length = phdr->length_lsb + (phdr->length_msb << 8);
+
+	debug("container length %u\n", length);
+
+	err = ahab_auth_cntr_hdr(phdr, length);
+	if (err) {
+		ret = -EIO;
+		goto exit;
+	}
+
+	debug("Verify images\n");
+
+	/* Copy images to dest address */
+	for (i = 0; i < phdr->num_images; i++) {
+		img = (struct boot_img_t *)(addr +
+					    sizeof(struct container_hdr) +
+					    i * sizeof(struct boot_img_t));
+
+		debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
+		      i, (uint32_t)img->dst, img->offset + addr, img->size);
+
+		memcpy((void *)img->dst, (const void *)(img->offset + addr),
+		       img->size);
+
+		s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
+		e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
+
+		flush_dcache_range(s, e);
+
+		ret = ahab_verify_cntr_image(img, i);
+		if (ret)
+			goto exit;
+	}
+
+exit:
+	debug("ahab_auth_release, 0x%x\n", ret);
+	ahab_auth_release();
+
+	return ret;
+}
+
+static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
+			   char *const argv[])
+{
+	ulong addr;
+
+	if (argc < 2)
+		return CMD_RET_USAGE;
+
+	addr = simple_strtoul(argv[1], NULL, 16);
+
+	printf("Authenticate OS container at 0x%lx\n", addr);
+
+	if (authenticate_os_container(addr))
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
+
+static void display_life_cycle(u32 lc)
+{
+	printf("Lifecycle: 0x%08X, ", lc);
+	switch (lc) {
+	case 0x1:
+		printf("BLANK\n\n");
+		break;
+	case 0x2:
+		printf("FAB\n\n");
+		break;
+	case 0x4:
+		printf("NXP Provisioned\n\n");
+		break;
+	case 0x8:
+		printf("OEM Open\n\n");
+		break;
+	case 0x10:
+		printf("OEM Secure World Closed\n\n");
+		break;
+	case 0x20:
+		printf("OEM closed\n\n");
+		break;
+	case 0x40:
+		printf("Field Return OEM\n\n");
+		break;
+	case 0x80:
+		printf("Field Return NXP\n\n");
+		break;
+	case 0x100:
+		printf("OEM Locked\n\n");
+		break;
+	case 0x200:
+		printf("BRICKED\n\n");
+		break;
+	default:
+		printf("Unknown\n\n");
+		break;
+	}
+}
+
+static int confirm_close(void)
+{
+	puts("Warning: Please ensure your sample is in NXP closed state, "
+	     "OEM SRK hash has been fused, \n"
+	     "         and you are able to boot a signed image successfully "
+	     "without any SECO events reported.\n"
+	     "         If not, your sample will be unrecoverable.\n"
+	     "\nReally perform this operation? <y/N>\n");
+
+	if (confirm_yesno())
+		return 1;
+
+	puts("Ahab close aborted\n");
+	return 0;
+}
+
+static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
+			 char *const argv[])
+{
+	int err;
+	u32 resp;
+
+	if (!confirm_close())
+		return -EACCES;
+
+	err = ahab_forward_lifecycle(8, &resp);
+	if (err != 0) {
+		printf("Error in forward lifecycle to OEM closed\n");
+		return -EIO;
+	}
+
+	printf("Change to OEM closed successfully\n");
+
+	return 0;
+}
+
+int ahab_dump(void)
+{
+	u32 buffer[32];
+	int ret, i = 0;
+
+	do {
+		ret = ahab_dump_buffer(buffer, 32);
+		if (ret < 0) {
+			printf("Error in dump AHAB log\n");
+			return -EIO;
+		}
+
+		if (ret == 1)
+			break;
+		for (i = 0; i < ret; i++)
+			printf("0x%x\n", buffer[i]);
+	} while (ret >= 21);
+
+	return 0;
+}
+
+static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	return ahab_dump();
+}
+
+static void display_event(u32 event)
+{
+	printf("\n\t0x%08x\n", event);
+	printf("\t%s", ele_ipc_str[get_idx(ele_ipc,
+		(event >> 24) & 0xFF, ARRAY_SIZE(ele_ipc))]);
+	printf("\t%s", ele_cmd_str[get_idx(ele_cmd,
+		(event >> 16) & 0xFF, ARRAY_SIZE(ele_cmd))]);
+	printf("\t%s", ele_ind_str[get_idx(ele_ind,
+		(event >> 8) & 0xFF, ARRAY_SIZE(ele_ind))]);
+	printf("\t%s", ele_status_str[get_idx(ele_status,
+		event & 0xFF, ARRAY_SIZE(ele_status))]);
+}
+
+static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	u32 lc, i;
+	u32 events[AHAB_MAX_EVENTS];
+	u32 cnt = AHAB_MAX_EVENTS;
+	int ret;
+
+	lc = readl(FSB_BASE_ADDR + 0x41c);
+	lc &= 0x3ff;
+
+	display_life_cycle(lc);
+
+	ret = ahab_get_events(events, &cnt, NULL);
+	if (ret) {
+		printf("Get ELE EVENTS error %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	if (!cnt) {
+		puts("\n\tNo Events Found!\n");
+		return 0;
+	}
+
+	for (i = 0; i < cnt; i++)
+		display_event(events[i]);
+
+	return 0;
+}
+
+U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
+	   "autenticate OS container via AHAB",
+	   "addr\n"
+	   "addr - OS container hex address\n"
+);
+
+U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
+	   "Change AHAB lifecycle to OEM closed",
+	   ""
+);
+
+U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
+	   "Dump AHAB log for debug",
+	   ""
+);
+
+U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
+	   "display AHAB lifecycle only",
+	   ""
+);
diff --git a/arch/arm/mach-imx/imx8ulp/ahab.c b/arch/arm/mach-imx/imx8ulp/ahab.c
deleted file mode 100644
index 87c4c66a08..0000000000
--- a/arch/arm/mach-imx/imx8ulp/ahab.c
+++ /dev/null
@@ -1,345 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0+
-/*
- * Copyright 2020 NXP
- */
-
-#include <common.h>
-#include <command.h>
-#include <errno.h>
-#include <asm/io.h>
-#include <asm/mach-imx/s400_api.h>
-#include <asm/mach-imx/sys_proto.h>
-#include <asm/arch-imx/cpu.h>
-#include <asm/arch/sys_proto.h>
-#include <asm/mach-imx/image.h>
-#include <console.h>
-#include <cpu_func.h>
-#include <asm/mach-imx/ahab.h>
-#include <asm/global_data.h>
-
-DECLARE_GLOBAL_DATA_PTR;
-
-#define IMG_CONTAINER_BASE             (0x22010000UL)
-#define IMG_CONTAINER_END_BASE         (IMG_CONTAINER_BASE + 0xFFFFUL)
-
-#define AHAB_NO_AUTHENTICATION_IND 0xee
-#define AHAB_BAD_KEY_HASH_IND 0xfa
-#define AHAB_INVALID_KEY_IND 0xf9
-#define AHAB_BAD_SIGNATURE_IND 0xf0
-#define AHAB_BAD_HASH_IND 0xf1
-
-static void display_ahab_auth_ind(u32 event)
-{
-	u8 resp_ind = (event >> 8) & 0xff;
-
-	switch (resp_ind) {
-	case AHAB_NO_AUTHENTICATION_IND:
-		printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind);
-		break;
-	case AHAB_BAD_KEY_HASH_IND:
-		printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind);
-		break;
-	case AHAB_INVALID_KEY_IND:
-		printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind);
-		break;
-	case AHAB_BAD_SIGNATURE_IND:
-		printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind);
-		break;
-	case AHAB_BAD_HASH_IND:
-		printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind);
-		break;
-	default:
-		printf("Unknown Indicator (0x%02X)\n\n", resp_ind);
-		break;
-	}
-}
-
-int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
-{
-	int err;
-	u32 resp;
-
-	memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
-	       ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
-
-	flush_dcache_range(IMG_CONTAINER_BASE,
-			   IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1);
-
-	err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
-	if (err) {
-		printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
-		       err, resp);
-		display_ahab_auth_ind(resp);
-	}
-
-	return err;
-}
-
-int ahab_auth_release(void)
-{
-	int err;
-	u32 resp;
-
-	err = ahab_release_container(&resp);
-	if (err) {
-		printf("Error: release container failed, resp 0x%x!\n", resp);
-		display_ahab_auth_ind(resp);
-	}
-
-	return err;
-}
-
-int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
-{
-	int err;
-	u32 resp;
-
-	err = ahab_verify_image(image_index, &resp);
-	if (err) {
-		printf("Authenticate img %d failed, return %d, resp 0x%x\n",
-		       image_index, err, resp);
-		display_ahab_auth_ind(resp);
-		return -EIO;
-	}
-
-	return 0;
-}
-
-static inline bool check_in_dram(ulong addr)
-{
-	int i;
-	struct bd_info *bd = gd->bd;
-
-	for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
-		if (bd->bi_dram[i].size) {
-			if (addr >= bd->bi_dram[i].start &&
-			    addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
-				return true;
-		}
-	}
-
-	return false;
-}
-
-int authenticate_os_container(ulong addr)
-{
-	struct container_hdr *phdr;
-	int i, ret = 0;
-	int err;
-	u16 length;
-	struct boot_img_t *img;
-	unsigned long s, e;
-
-	if (addr % 4) {
-		puts("Error: Image's address is not 4 byte aligned\n");
-		return -EINVAL;
-	}
-
-	if (!check_in_dram(addr)) {
-		puts("Error: Image's address is invalid\n");
-		return -EINVAL;
-	}
-
-	phdr = (struct container_hdr *)addr;
-	if (phdr->tag != 0x87 || phdr->version != 0x0) {
-		printf("Error: Wrong container header\n");
-		return -EFAULT;
-	}
-
-	if (!phdr->num_images) {
-		printf("Error: Wrong container, no image found\n");
-		return -EFAULT;
-	}
-
-	length = phdr->length_lsb + (phdr->length_msb << 8);
-
-	debug("container length %u\n", length);
-
-	err = ahab_auth_cntr_hdr(phdr, length);
-	if (err) {
-		ret = -EIO;
-		goto exit;
-	}
-
-	debug("Verify images\n");
-
-	/* Copy images to dest address */
-	for (i = 0; i < phdr->num_images; i++) {
-		img = (struct boot_img_t *)(addr +
-					    sizeof(struct container_hdr) +
-					    i * sizeof(struct boot_img_t));
-
-		debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
-		      i, (uint32_t)img->dst, img->offset + addr, img->size);
-
-		memcpy((void *)img->dst, (const void *)(img->offset + addr), img->size);
-
-		s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
-		e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
-
-		flush_dcache_range(s, e);
-
-		ret = ahab_verify_cntr_image(img, i);
-		if (ret)
-			goto exit;
-	}
-
-exit:
-	debug("ahab_auth_release, 0x%x\n", ret);
-	ahab_auth_release();
-
-	return ret;
-}
-
-static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
-			   char *const argv[])
-{
-	ulong addr;
-
-	if (argc < 2)
-		return CMD_RET_USAGE;
-
-	addr = simple_strtoul(argv[1], NULL, 16);
-
-	printf("Authenticate OS container at 0x%lx\n", addr);
-
-	if (authenticate_os_container(addr))
-		return CMD_RET_FAILURE;
-
-	return CMD_RET_SUCCESS;
-}
-
-static void display_life_cycle(u32 lc)
-{
-	printf("Lifecycle: 0x%08X, ", lc);
-	switch (lc) {
-	case 0x1:
-		printf("BLANK\n\n");
-		break;
-	case 0x2:
-		printf("FAB\n\n");
-		break;
-	case 0x4:
-		printf("NXP Provisioned\n\n");
-		break;
-	case 0x8:
-		printf("OEM Open\n\n");
-		break;
-	case 0x10:
-		printf("OEM Secure World Closed\n\n");
-		break;
-	case 0x20:
-		printf("OEM closed\n\n");
-		break;
-	case 0x40:
-		printf("Field Return OEM\n\n");
-		break;
-	case 0x80:
-		printf("Field Return NXP\n\n");
-		break;
-	case 0x100:
-		printf("OEM Locked\n\n");
-		break;
-	case 0x200:
-		printf("BRICKED\n\n");
-		break;
-	default:
-		printf("Unknown\n\n");
-		break;
-	}
-}
-
-static int confirm_close(void)
-{
-	puts("Warning: Please ensure your sample is in NXP closed state, "
-	     "OEM SRK hash has been fused, \n"
-	     "         and you are able to boot a signed image successfully "
-	     "without any SECO events reported.\n"
-	     "         If not, your sample will be unrecoverable.\n"
-	     "\nReally perform this operation? <y/N>\n");
-
-	if (confirm_yesno())
-		return 1;
-
-	puts("Ahab close aborted\n");
-	return 0;
-}
-
-static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
-			 char *const argv[])
-{
-	int err;
-	u32 resp;
-
-	if (!confirm_close())
-		return -EACCES;
-
-	err = ahab_forward_lifecycle(8, &resp);
-	if (err != 0) {
-		printf("Error in forward lifecycle to OEM closed\n");
-		return -EIO;
-	}
-
-	printf("Change to OEM closed successfully\n");
-
-	return 0;
-}
-
-int ahab_dump(void)
-{
-	u32 buffer[32];
-	int ret, i = 0;
-
-	do {
-		ret = ahab_dump_buffer(buffer, 32);
-		if (ret < 0) {
-			printf("Error in dump AHAB log\n");
-			return -EIO;
-		}
-
-		if (ret == 1)
-			break;
-
-		for (i = 0; i < ret; i++)
-			printf("0x%x\n", buffer[i]);
-	} while (ret >= 21);
-
-	return 0;
-}
-
-static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
-{
-	return ahab_dump();
-}
-
-static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
-{
-	u32 lc;
-
-	lc = readl(FSB_BASE_ADDR + 0x41c);
-	lc &= 0x3f;
-
-	display_life_cycle(lc);
-	return 0;
-}
-
-U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
-	   "autenticate OS container via AHAB",
-	   "addr\n"
-	   "addr - OS container hex address\n"
-);
-
-U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
-	   "Change AHAB lifecycle to OEM closed",
-	   ""
-);
-
-U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
-	   "Dump AHAB log for debug",
-	   ""
-);
-
-U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
-	   "display AHAB lifecycle only",
-	   ""
-);
diff --git a/arch/arm/mach-imx/imx9/Makefile b/arch/arm/mach-imx/imx9/Makefile
index 6d038a60c6..e1b09ab534 100644
--- a/arch/arm/mach-imx/imx9/Makefile
+++ b/arch/arm/mach-imx/imx9/Makefile
@@ -4,7 +4,6 @@
 
 obj-y += lowlevel_init.o
 obj-y += soc.o clock.o clock_root.o trdc.o
-obj-$(CONFIG_AHAB_BOOT) += ahab.o
 
 #ifndef CONFIG_SPL_BUILD
 obj-y += imx_bootaux.o
diff --git a/arch/arm/mach-imx/imx9/ahab.c b/arch/arm/mach-imx/imx9/ahab.c
deleted file mode 100644
index ac69975fc7..0000000000
--- a/arch/arm/mach-imx/imx9/ahab.c
+++ /dev/null
@@ -1,580 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0+
-/*
- * Copyright 2022 NXP
- */
-
-#include <common.h>
-#include <command.h>
-#include <errno.h>
-#include <asm/io.h>
-#include <asm/mach-imx/s400_api.h>
-#include <asm/mach-imx/sys_proto.h>
-#include <asm/arch-imx/cpu.h>
-#include <asm/arch/sys_proto.h>
-#include <asm/mach-imx/image.h>
-#include <console.h>
-#include <cpu_func.h>
-#include <asm/mach-imx/ahab.h>
-#include <asm/global_data.h>
-
-DECLARE_GLOBAL_DATA_PTR;
-
-#define IMG_CONTAINER_BASE             (0x80000000UL)
-#define IMG_CONTAINER_END_BASE         (IMG_CONTAINER_BASE + 0xFFFFUL)
-
-#define AHAB_MAX_EVENTS 8
-
-static char *ele_ipc_str[] = {
-	"IPC = MU RTD (0x1)\n",
-	"IPC = MU APD (0x2)\n",
-	"IPC = INVALID\n",
-	NULL
-};
-
-static char *ele_status_str[] = {
-	"STA = ELE_SUCCESS_IND (0xD6)\n",
-	"STA = ELE_FAILURE_IND (0x29)\n",
-	"STA = INVALID\n",
-	NULL
-};
-
-static char *ele_cmd_str[] = {
-	"CMD = ELE_PING_REQ (0x01)\n",
-	"CMD = ELE_FW_AUTH_REQ (0x02)\n",
-	"CMD = ELE_RESTART_RST_TIMER_REQ (0x04)\n",
-	"CMD = ELE_DUMP_DEBUG_BUFFER_REQ (0x21)\n",
-	"CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)\n",
-	"CMD = ELE_VERIFY_IMAGE_REQ (0x88)\n",
-	"CMD = ELE_RELEASE_CONTAINER_REQ (0x89)\n",
-	"CMD = ELE_WRITE_SECURE_FUSE_REQ (0x91)\n",
-	"CMD = ELE_FWD_LIFECYCLE_UP_REQ (0x95)\n",
-	"CMD = ELE_READ_FUSE_REQ (0x97)\n",
-	"CMD = ELE_GET_FW_VERSION_REQ (0x9D)\n",
-	"CMD = ELE_RET_LIFECYCLE_UP_REQ (0xA0)\n",
-	"CMD = ELE_GET_EVENTS_REQ (0xA2)\n",
-	"CMD = ELE_ENABLE_PATCH_REQ (0xC3)\n",
-	"CMD = ELE_RELEASE_RDC_REQ (0xC4)\n",
-	"CMD = ELE_GET_FW_STATUS_REQ (0xC5)\n",
-	"CMD = ELE_ENABLE_OTFAD_REQ (0xC6)\n",
-	"CMD = ELE_RESET_REQ (0xC7)\n",
-	"CMD = ELE_UPDATE_OTP_CLKDIV_REQ (0xD0)\n",
-	"CMD = ELE_POWER_DOWN_REQ (0xD1)\n",
-	"CMD = ELE_ENABLE_APC_REQ (0xD2)\n",
-	"CMD = ELE_ENABLE_RTC_REQ (0xD3)\n",
-	"CMD = ELE_DEEP_POWER_DOWN_REQ (0xD4)\n",
-	"CMD = ELE_STOP_RST_TIMER_REQ (0xD5)\n",
-	"CMD = ELE_WRITE_FUSE_REQ (0xD6)\n",
-	"CMD = ELE_RELEASE_CAAM_REQ (0xD7)\n",
-	"CMD = ELE_RESET_A35_CTX_REQ (0xD8)\n",
-	"CMD = ELE_MOVE_TO_UNSECURED_REQ (0xD9)\n",
-	"CMD = ELE_GET_INFO_REQ (0xDA)\n",
-	"CMD = ELE_ATTEST_REQ (0xDB)\n",
-	"CMD = ELE_RELEASE_PATCH_REQ (0xDC)\n",
-	"CMD = ELE_OTP_SEQ_SWITH_REQ (0xDD)\n",
-	"CMD = INVALID\n",
-	NULL
-};
-
-static char *ele_ind_str[] = {
-	"IND = ELE_ROM_PING_FAILURE_IND (0x0A)\n",
-	"IND = ELE_FW_PING_FAILURE_IND (0x1A)\n",
-	"IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)\n",
-	"IND = ELE_BAD_HASH_FAILURE_IND (0xF1)\n",
-	"IND = ELE_INVALID_LIFECYCLE_IND (0xF2)\n",
-	"IND = ELE_PERMISSION_DENIED_FAILURE_IND (0xF3)\n",
-	"IND = ELE_INVALID_MESSAGE_FAILURE_IND (0xF4)\n",
-	"IND = ELE_BAD_VALUE_FAILURE_IND (0xF5)\n",
-	"IND = ELE_BAD_FUSE_ID_FAILURE_IND (0xF6)\n",
-	"IND = ELE_BAD_CONTAINER_FAILURE_IND (0xF7)\n",
-	"IND = ELE_BAD_VERSION_FAILURE_IND (0xF8)\n",
-	"IND = ELE_INVALID_KEY_FAILURE_IND (0xF9)\n",
-	"IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)\n",
-	"IND = ELE_NO_VALID_CONTAINER_FAILURE_IND (0xFB)\n",
-	"IND = ELE_BAD_CERTIFICATE_FAILURE_IND (0xFC)\n",
-	"IND = ELE_BAD_UID_FAILURE_IND (0xFD)\n",
-	"IND = ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND (0xFE)\n",
-	"IND = ELE_MUST_SIGNED_FAILURE_IND (0xE0)\n",
-	"IND = ELE_NO_AUTHENTICATION_FAILURE_IND (0xEE)\n",
-	"IND = ELE_BAD_SRK_SET_FAILURE_IND (0xEF)\n",
-	"IND = ELE_UNALIGNED_PAYLOAD_FAILURE_IND (0xA6)\n",
-	"IND = ELE_WRONG_SIZE_FAILURE_IND (0xA7)\n",
-	"IND = ELE_ENCRYPTION_FAILURE_IND (0xA8)\n",
-	"IND = ELE_DECRYPTION_FAILURE_IND (0xA9)\n",
-	"IND = ELE_OTP_PROGFAIL_FAILURE_IND (0xAA)\n",
-	"IND = ELE_OTP_LOCKED_FAILURE_IND (0xAB)\n",
-	"IND = ELE_OTP_INVALID_IDX_FAILURE_IND (0xAD)\n",
-	"IND = ELE_TIME_OUT_FAILURE_IND (0xB0)\n",
-	"IND = ELE_BAD_PAYLOAD_FAILURE_IND (0xB1)\n",
-	"IND = ELE_WRONG_ADDRESS_FAILURE_IND (0xB4)\n",
-	"IND = ELE_DMA_FAILURE_IND (0xB5)\n",
-	"IND = ELE_DISABLED_FEATURE_FAILURE_IND (0xB6)\n",
-	"IND = ELE_MUST_ATTEST_FAILURE_IND (0xB7)\n",
-	"IND = ELE_RNG_NOT_STARTED_FAILURE_IND (0xB8)\n",
-	"IND = ELE_CRC_ERROR_IND (0xB9)\n",
-	"IND = ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND (0xBB)\n",
-	"IND = ELE_INCONSISTENT_PAR_FAILURE_IND (0xBC)\n",
-	"IND = ELE_RNG_INST_FAILURE_FAILURE_IND (0xBD)\n",
-	"IND = ELE_LOCKED_REG_FAILURE_IND (0xBE)\n",
-	"IND = ELE_BAD_ID_FAILURE_IND (0xBF)\n",
-	"IND = ELE_INVALID_OPERATION_FAILURE_IND (0xC0)\n",
-	"IND = ELE_NON_SECURE_STATE_FAILURE_IND (0xC1)\n",
-	"IND = ELE_MSG_TRUNCATED_IND (0xC2)\n",
-	"IND = ELE_BAD_IMAGE_NUM_FAILURE_IND (0xC3)\n",
-	"IND = ELE_BAD_IMAGE_ADDR_FAILURE_IND (0xC4)\n",
-	"IND = ELE_BAD_IMAGE_PARAM_FAILURE_IND (0xC5)\n",
-	"IND = ELE_BAD_IMAGE_TYPE_FAILURE_IND (0xC6)\n",
-	"IND = ELE_CORRUPTED_SRK_FAILURE_IND (0xD0)\n",
-	"IND = ELE_OUT_OF_MEMORY_IND (0xD1)\n",
-	"IND = ELE_CSTM_FAILURE_IND (0xCF)\n",
-	"IND = ELE_OLD_VERSION_FAILURE_IND (0xCE)\n",
-	"IND = ELE_WRONG_BOOT_MODE_FAILURE_IND (0xCD)\n",
-	"IND = ELE_APC_ALREADY_ENABLED_FAILURE_IND (0xCB)\n",
-	"IND = ELE_RTC_ALREADY_ENABLED_FAILURE_IND (0xCC)\n",
-	"IND = ELE_ABORT_IND (0xFF)\n",
-	"IND = INVALID\n",
-	NULL
-};
-
-static u8 ele_cmd[] = {
-	ELE_PING_REQ,
-	ELE_FW_AUTH_REQ,
-	ELE_RESTART_RST_TIMER_REQ,
-	ELE_DUMP_DEBUG_BUFFER_REQ,
-	ELE_OEM_CNTN_AUTH_REQ,
-	ELE_VERIFY_IMAGE_REQ,
-	ELE_RELEASE_CONTAINER_REQ,
-	ELE_WRITE_SECURE_FUSE_REQ,
-	ELE_FWD_LIFECYCLE_UP_REQ,
-	ELE_READ_FUSE_REQ,
-	ELE_GET_FW_VERSION_REQ,
-	ELE_RET_LIFECYCLE_UP_REQ,
-	ELE_GET_EVENTS_REQ,
-	ELE_ENABLE_PATCH_REQ,
-	ELE_RELEASE_RDC_REQ,
-	ELE_GET_FW_STATUS_REQ,
-	ELE_ENABLE_OTFAD_REQ,
-	ELE_RESET_REQ,
-	ELE_UPDATE_OTP_CLKDIV_REQ,
-	ELE_POWER_DOWN_REQ,
-	ELE_ENABLE_APC_REQ,
-	ELE_ENABLE_RTC_REQ,
-	ELE_DEEP_POWER_DOWN_REQ,
-	ELE_STOP_RST_TIMER_REQ,
-	ELE_WRITE_FUSE_REQ,
-	ELE_RELEASE_CAAM_REQ,
-	ELE_RESET_A35_CTX_REQ,
-	ELE_MOVE_TO_UNSECURED_REQ,
-	ELE_GET_INFO_REQ,
-	ELE_ATTEST_REQ,
-	ELE_RELEASE_PATCH_REQ,
-	ELE_OTP_SEQ_SWITH_REQ
-};
-
-static u8 ele_ind[] = {
-	ELE_ROM_PING_FAILURE_IND,
-	ELE_FW_PING_FAILURE_IND,
-	ELE_BAD_SIGNATURE_FAILURE_IND,
-	ELE_BAD_HASH_FAILURE_IND,
-	ELE_INVALID_LIFECYCLE_IND,
-	ELE_PERMISSION_DENIED_FAILURE_IND,
-	ELE_INVALID_MESSAGE_FAILURE_IND,
-	ELE_BAD_VALUE_FAILURE_IND,
-	ELE_BAD_FUSE_ID_FAILURE_IND,
-	ELE_BAD_CONTAINER_FAILURE_IND,
-	ELE_BAD_VERSION_FAILURE_IND,
-	ELE_INVALID_KEY_FAILURE_IND,
-	ELE_BAD_KEY_HASH_FAILURE_IND,
-	ELE_NO_VALID_CONTAINER_FAILURE_IND,
-	ELE_BAD_CERTIFICATE_FAILURE_IND,
-	ELE_BAD_UID_FAILURE_IND,
-	ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND,
-	ELE_MUST_SIGNED_FAILURE_IND,
-	ELE_NO_AUTHENTICATION_FAILURE_IND,
-	ELE_BAD_SRK_SET_FAILURE_IND,
-	ELE_UNALIGNED_PAYLOAD_FAILURE_IND,
-	ELE_WRONG_SIZE_FAILURE_IND,
-	ELE_ENCRYPTION_FAILURE_IND,
-	ELE_DECRYPTION_FAILURE_IND,
-	ELE_OTP_PROGFAIL_FAILURE_IND,
-	ELE_OTP_LOCKED_FAILURE_IND,
-	ELE_OTP_INVALID_IDX_FAILURE_IND,
-	ELE_TIME_OUT_FAILURE_IND,
-	ELE_BAD_PAYLOAD_FAILURE_IND,
-	ELE_WRONG_ADDRESS_FAILURE_IND,
-	ELE_DMA_FAILURE_IND,
-	ELE_DISABLED_FEATURE_FAILURE_IND,
-	ELE_MUST_ATTEST_FAILURE_IND,
-	ELE_RNG_NOT_STARTED_FAILURE_IND,
-	ELE_CRC_ERROR_IND,
-	ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND,
-	ELE_INCONSISTENT_PAR_FAILURE_IND,
-	ELE_RNG_INST_FAILURE_FAILURE_IND,
-	ELE_LOCKED_REG_FAILURE_IND,
-	ELE_BAD_ID_FAILURE_IND,
-	ELE_INVALID_OPERATION_FAILURE_IND,
-	ELE_NON_SECURE_STATE_FAILURE_IND,
-	ELE_MSG_TRUNCATED_IND,
-	ELE_BAD_IMAGE_NUM_FAILURE_IND,
-	ELE_BAD_IMAGE_ADDR_FAILURE_IND,
-	ELE_BAD_IMAGE_PARAM_FAILURE_IND,
-	ELE_BAD_IMAGE_TYPE_FAILURE_IND,
-	ELE_CORRUPTED_SRK_FAILURE_IND,
-	ELE_OUT_OF_MEMORY_IND,
-	ELE_CSTM_FAILURE_IND,
-	ELE_OLD_VERSION_FAILURE_IND,
-	ELE_WRONG_BOOT_MODE_FAILURE_IND,
-	ELE_APC_ALREADY_ENABLED_FAILURE_IND,
-	ELE_RTC_ALREADY_ENABLED_FAILURE_IND,
-	ELE_ABORT_IND
-};
-
-static u8 ele_ipc[] = {
-	ELE_IPC_MU_RTD,
-	ELE_IPC_MU_APD
-};
-
-static u8 ele_status[] = {
-	ELE_SUCCESS_IND,
-	ELE_FAILURE_IND
-};
-
-static inline u32 get_idx(u8 *list, u8 tgt, u32 size)
-{
-	u32 i;
-
-	for (i = 0; i < size; i++) {
-		if (list[i] == tgt)
-			return i;
-	}
-
-	return i; /* last str is invalid */
-}
-
-static void display_ahab_auth_ind(u32 event)
-{
-	u8 resp_ind = (event >> 8) & 0xff;
-
-	printf("%s\n", ele_ind_str[get_idx(ele_ind, resp_ind, ARRAY_SIZE(ele_ind))]);
-}
-
-int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
-{
-	int err;
-	u32 resp;
-
-	memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
-	       ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
-
-	flush_dcache_range(IMG_CONTAINER_BASE,
-			   IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1);
-
-	err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
-	if (err) {
-		printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
-		       err, resp);
-		display_ahab_auth_ind(resp);
-	}
-
-	return err;
-}
-
-int ahab_auth_release(void)
-{
-	int err;
-	u32 resp;
-
-	err = ahab_release_container(&resp);
-	if (err) {
-		printf("Error: release container failed, resp 0x%x!\n", resp);
-		display_ahab_auth_ind(resp);
-	}
-
-	return err;
-}
-
-int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
-{
-	int err;
-	u32 resp;
-
-	err = ahab_verify_image(image_index, &resp);
-	if (err) {
-		printf("Authenticate img %d failed, return %d, resp 0x%x\n",
-		       image_index, err, resp);
-		display_ahab_auth_ind(resp);
-
-		return -EIO;
-	}
-
-	return 0;
-}
-
-static inline bool check_in_dram(ulong addr)
-{
-	int i;
-	struct bd_info *bd = gd->bd;
-
-	for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
-		if (bd->bi_dram[i].size) {
-			if (addr >= bd->bi_dram[i].start &&
-			    addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
-				return true;
-		}
-	}
-
-	return false;
-}
-
-int authenticate_os_container(ulong addr)
-{
-	struct container_hdr *phdr;
-	int i, ret = 0;
-	int err;
-	u16 length;
-	struct boot_img_t *img;
-	unsigned long s, e;
-
-	if (addr % 4) {
-		puts("Error: Image's address is not 4 byte aligned\n");
-		return -EINVAL;
-	}
-
-	if (!check_in_dram(addr)) {
-		puts("Error: Image's address is invalid\n");
-		return -EINVAL;
-	}
-
-	phdr = (struct container_hdr *)addr;
-	if (phdr->tag != 0x87 || phdr->version != 0x0) {
-		printf("Error: Wrong container header\n");
-		return -EFAULT;
-	}
-
-	if (!phdr->num_images) {
-		printf("Error: Wrong container, no image found\n");
-		return -EFAULT;
-	}
-
-	length = phdr->length_lsb + (phdr->length_msb << 8);
-
-	debug("container length %u\n", length);
-
-	err = ahab_auth_cntr_hdr(phdr, length);
-	if (err) {
-		ret = -EIO;
-		goto exit;
-	}
-
-	debug("Verify images\n");
-
-	/* Copy images to dest address */
-	for (i = 0; i < phdr->num_images; i++) {
-		img = (struct boot_img_t *)(addr +
-					    sizeof(struct container_hdr) +
-					    i * sizeof(struct boot_img_t));
-
-		debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
-		      i, (uint32_t)img->dst, img->offset + addr, img->size);
-
-		memcpy((void *)img->dst, (const void *)(img->offset + addr),
-		       img->size);
-
-		s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
-		e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
-
-		flush_dcache_range(s, e);
-
-		ret = ahab_verify_cntr_image(img, i);
-		if (ret)
-			goto exit;
-	}
-
-exit:
-	debug("ahab_auth_release, 0x%x\n", ret);
-	ahab_auth_release();
-
-	return ret;
-}
-
-static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
-			   char *const argv[])
-{
-	ulong addr;
-
-	if (argc < 2)
-		return CMD_RET_USAGE;
-
-	addr = simple_strtoul(argv[1], NULL, 16);
-
-	printf("Authenticate OS container at 0x%lx\n", addr);
-
-	if (authenticate_os_container(addr))
-		return CMD_RET_FAILURE;
-
-	return CMD_RET_SUCCESS;
-}
-
-static void display_life_cycle(u32 lc)
-{
-	printf("Lifecycle: 0x%08X, ", lc);
-	switch (lc) {
-	case 0x1:
-		printf("BLANK\n\n");
-		break;
-	case 0x2:
-		printf("FAB\n\n");
-		break;
-	case 0x4:
-		printf("NXP Provisioned\n\n");
-		break;
-	case 0x8:
-		printf("OEM Open\n\n");
-		break;
-	case 0x10:
-		printf("OEM Secure World Closed\n\n");
-		break;
-	case 0x20:
-		printf("OEM closed\n\n");
-		break;
-	case 0x40:
-		printf("Field Return OEM\n\n");
-		break;
-	case 0x80:
-		printf("Field Return NXP\n\n");
-		break;
-	case 0x100:
-		printf("OEM Locked\n\n");
-		break;
-	case 0x200:
-		printf("BRICKED\n\n");
-		break;
-	default:
-		printf("Unknown\n\n");
-		break;
-	}
-}
-
-static int confirm_close(void)
-{
-	puts("Warning: Please ensure your sample is in NXP closed state, "
-	     "OEM SRK hash has been fused, \n"
-	     "         and you are able to boot a signed image successfully "
-	     "without any SECO events reported.\n"
-	     "         If not, your sample will be unrecoverable.\n"
-	     "\nReally perform this operation? <y/N>\n");
-
-	if (confirm_yesno())
-		return 1;
-
-	puts("Ahab close aborted\n");
-	return 0;
-}
-
-static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
-			 char *const argv[])
-{
-	int err;
-	u32 resp;
-
-	if (!confirm_close())
-		return -EACCES;
-
-	err = ahab_forward_lifecycle(8, &resp);
-	if (err != 0) {
-		printf("Error in forward lifecycle to OEM closed\n");
-		return -EIO;
-	}
-
-	printf("Change to OEM closed successfully\n");
-
-	return 0;
-}
-
-int ahab_dump(void)
-{
-	u32 buffer[32];
-	int ret, i = 0;
-
-	do {
-		ret = ahab_dump_buffer(buffer, 32);
-		if (ret < 0) {
-			printf("Error in dump AHAB log\n");
-			return -EIO;
-		}
-
-		if (ret == 1)
-			break;
-		for (i = 0; i < ret; i++)
-			printf("0x%x\n", buffer[i]);
-	} while (ret >= 21);
-
-	return 0;
-}
-
-static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
-{
-	return ahab_dump();
-}
-
-static void display_event(u32 event)
-{
-	printf("\n\t0x%08x\n", event);
-	printf("\t%s", ele_ipc_str[get_idx(ele_ipc,
-		(event >> 24) & 0xFF, ARRAY_SIZE(ele_ipc))]);
-	printf("\t%s", ele_cmd_str[get_idx(ele_cmd,
-		(event >> 16) & 0xFF, ARRAY_SIZE(ele_cmd))]);
-	printf("\t%s", ele_ind_str[get_idx(ele_ind,
-		(event >> 8) & 0xFF, ARRAY_SIZE(ele_ind))]);
-	printf("\t%s", ele_status_str[get_idx(ele_status,
-		event & 0xFF, ARRAY_SIZE(ele_status))]);
-}
-
-static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
-{
-	u32 lc, i;
-	u32 events[AHAB_MAX_EVENTS];
-	u32 cnt = AHAB_MAX_EVENTS;
-	int ret;
-
-	lc = readl(FSB_BASE_ADDR + 0x41c);
-	lc &= 0x3ff;
-
-	display_life_cycle(lc);
-
-	ret = ahab_get_events(events, &cnt, NULL);
-	if (ret) {
-		printf("Get ELE EVENTS error %d\n", ret);
-		return CMD_RET_FAILURE;
-	}
-
-	if (!cnt) {
-		puts("\n\tNo Events Found!\n");
-		return 0;
-	}
-
-	for (i = 0; i < cnt; i++)
-		display_event(events[i]);
-
-	return 0;
-}
-
-U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
-	   "autenticate OS container via AHAB",
-	   "addr\n"
-	   "addr - OS container hex address\n"
-);
-
-U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
-	   "Change AHAB lifecycle to OEM closed",
-	   ""
-);
-
-U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
-	   "Dump AHAB log for debug",
-	   ""
-);
-
-U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
-	   "display AHAB lifecycle only",
-	   ""
-);