Feature Guides Security And Encryption
Alex J Lennon edited this page Oct 7, 2025 · 1 revision
This document describes the EdgeLock Enclave testing capabilities available for the i.MX93 Jaguar E-Ink board.
- Trigger: `DEV_MODE=1` or `IMAGE_FEATURES` contains `debug-tweaks`
- Includes: ELE test suite, debug commands, development tools
- U-Boot: Enhanced ELE commands (`ele`, `ahab`, `fuse`, `mbox`)
- Linux: ELE test applications and utilities

- Trigger: `DEV_MODE=0` or no `debug-tweaks` in `IMAGE_FEATURES`
- Includes: Only essential ELE drivers and functionality
- U-Boot: Basic ELE support without debug commands
- Linux: ELE drivers only, no test applications
```bash
# Method 1: Using DEV_MODE environment variable
DEV_MODE=1 KAS_MACHINE=imx93-jaguar-eink ./scripts/kas-build-base.sh
# Method 2: Using IMAGE_FEATURES (automatically set by DEV_MODE=1)
KAS_MACHINE=imx93-jaguar-eink ./scripts/kas-build-base.sh
# (DEV_MODE=1 is set by default in development configurations)
```

```bash
# Production build without ELE testing tools
DEV_MODE=0 KAS_MACHINE=imx93-jaguar-eink ./scripts/kas-build-base.sh
```

```bash
# Build U-Boot with ELE debug commands (development only)
./scripts/build-uboot-ele.sh
```

- `simple-ele-test` - Hardware detection and basic testing
- `run-ele-tests` - Comprehensive test runner
- `ele_hsm_test` - NXP ELE HSM test (if available)
- `ele_hsm_perf_test` - NXP ELE performance test (if available)

- `ele info` - ELE information and status
- `ele ping` - Test ELE communication
- `ele version` - ELE firmware version
- `ahab status` - Secure boot chain status
- `fuse read` - OTP fuse access
- `mbox list` - Mailbox communication test

- ELE kernel drivers - Essential functionality only
- ELE device tree - Hardware support
- Basic ELE support - No debug tools or test applications
```bash
# Run comprehensive ELE tests
run-ele-tests
# Run specific tests
simple-ele-test all
simple-ele-test status
simple-ele-test mailbox
# Check ELE status (existing script)
sudo /tmp/check_ele_status.sh
```

```
# Test ELE communication
u-boot=> ele ping
u-boot=> ele info
# Check secure boot
u-boot=> ahab status
# Test mailbox
u-boot=> mbox list
# Read fuses
u-boot=> fuse read 0 0
```

- Security: ELE test tools can expose sensitive information
- Attack Surface: Debug commands increase potential attack vectors
- Production Hardening: Production images should be minimal and secure
- Compliance: Many security standards require debug features to be disabled in production
- Never deploy development images to production
- Always verify `DEV_MODE=0` for production builds
- Use separate build pipelines for development and production
- Regularly audit production images to ensure no debug tools are included
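
One way to automate the audit in the last item, as an added example that is not part of the original page or the project's scripts. It assumes the production image has been unpacked to a directory, that the optional manifest uses the usual Yocto `name arch version` line format, and that `debug-tweaks` leaves root with an empty password field as on standard Yocto images; the function name `audit_rootfs` is hypothetical.

```shell
#!/bin/sh
# Audit an unpacked production rootfs for ELE development leftovers.
# Tool and package names are the ones listed on this page; the rootfs and
# manifest paths are supplied by the caller (assumed: an extracted image tree).

ELE_DEV_TOOLS="simple-ele-test run-ele-tests ele_hsm_test ele_hsm_perf_test"

# Prints one line per finding. Returns 0 if clean, 1 if anything was found,
# 2 if the rootfs argument is not a directory.
audit_rootfs() {
    rootfs=$1
    manifest=${2:-}
    findings=0

    [ -d "$rootfs" ] || { echo "ERROR: $rootfs is not a directory"; return 2; }

    # 1. ELE test binaries or scripts anywhere in the tree, not only on PATH.
    for tool in $ELE_DEV_TOOLS; do
        hits=$(find "$rootfs" \( -type f -o -type l \) -name "$tool" 2>/dev/null)
        if [ -n "$hits" ]; then
            echo "$hits" | sed "s|^|FOUND dev tool: |"
            findings=$((findings + 1))
        fi
    done

    # 2. Assumption: debug-tweaks leaves an empty root password in /etc/shadow.
    if [ -f "$rootfs/etc/shadow" ] && grep -q '^root::' "$rootfs/etc/shadow"; then
        echo "FOUND empty root password (debug-tweaks signature)"
        findings=$((findings + 1))
    fi

    # 3. Optional image manifest must not list the ELE test suite package.
    if [ -n "$manifest" ] && [ -f "$manifest" ] &&
       grep -q '^nxp-ele-test-suite[[:space:]]' "$manifest"; then
        echo "FOUND package nxp-ele-test-suite in manifest"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run as a script: <this-file> <rootfs-dir> [image.manifest]
if [ "$#" -ge 1 ]; then
    audit_rootfs "$@" && echo "OK: no ELE development artifacts found"
fi
```

A non-zero exit status lets a production pipeline fail the build before the image is published.
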

- Check: Is this a development build? (`DEV_MODE=1`)
- Check: Does the image have the `debug-tweaks` feature?
- Solution: Rebuild with development configuration

- Check: Was U-Boot built with `DEV_MODE=1`?
- Check: Is `enable-ele-debug-commands.cfg` included?
- Solution: Rebuild U-Boot with development configuration

- Check: Run `simple-ele-test status` for hardware detection
- Check: Verify device tree ELE configuration
- Check: Ensure ELE drivers are loaded in kernel

- `enable-ele-debug-commands.cfg` - U-Boot ELE debug commands
- `lmp-feature-ele-testing.inc` - ELE test suite for Linux
- `nxp-ele-test-suite` - ELE test applications

- `enable-ele-secure.cfg` - Basic ELE support
- ELE kernel drivers and device tree
- Essential ELE functionality

This ensures that ELE functionality is available for development and testing while maintaining security in production deployments.