# 启动

Source: [https://docs.qualcomm.com/doc/80-70014-11Y/topic/bring-up.html](https://docs.qualcomm.com/doc/80-70014-11Y/topic/bring-up.html)

您可以验证各种安全功能的状态。

Note: 请记住在 SELinux Permissive 模式下运行所有 SSH 命令。将来会支持 Enforcing 模式。有关如何连接到设备的说明，请参见 [Qualcomm Linux 编译指南 ➝ 操作方法 ➝ 如何使用 SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html)。

## 验证 TZ/设备配置/Hypervisor 镜像加载

XBL 日志包含有关 TZ/设备配置/Hypervisor 镜像加载的信息。

例如：

- 设备配置 (DEVCFG)

        B - 1206031 - QSEE Dev Config - Image Load, Start 
        D - 763 - Auth Metadata 
        D - 549 - Segments hash check 
        D - 13054 - QSEE Dev Config - Image Loaded, Delta - (53248 Bytes) Copy to clipboard
- TZ

        B - 1228113 - QSEE - Image Load, Start 
        D - 26382 - Auth Metadata 
        D - 22234 - Segments hash check 
        D - 88999 - QSEE - Image Loaded, Delta - (4027792 Bytes)Copy to clipboard
- Hypervisor

        B - 1402237 - QHEE - Image Load, Start 
        D - 26383 - Auth Metadata 
        D - 7045 - Segments hash check 
        D - 35258 - QHEE - Image Loaded, Delta - (1491024 Bytes)Copy to clipboard
- APDP

        B -    978348 - APDP -  Image Load, Start
        D -     42212 - Auth Metadata
        D -       458 - Segments hash check
        D -     48434 - APDP -  Image Loaded, Delta - (17332 Bytes)
        Copy to clipboard

## 验证安全启动

XBL 日志包含设备的安全启动状态。日志包括有关启动接口、安全启动状态、启动配置、JTAG ID、OEM ID 和序列号的信息。

    S - Format: Log Type - Time(microsec) - Message - Optional Info 
    
    S - Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic 
    
    S - QC_IMAGE_VERSION_STRING=BOOT.MXF.1.0.c1-00037-KODIAKLA-1 
    
    S - IMAGE_VARIANT_STRING=SocKodiakLAA 
    
    S - OEM_IMAGE_VERSION_STRING=hu-apasunur-hyd 
    
    S - Boot Interface: USB 
    
    S - Secure Boot: On 
    
    S - Boot Config @ 0x00786070 = 0x000000c1 
    
    S - JTAG ID @ 0x00786130 = 0x001970e1 
    
    S - OEM ID @ 0x00786138 = 0x00000000 
    
    S - Serial Number @ 0x00786134 = 0x4172f1dd 
    Copy to clipboard

## 验证 SELinux 状态

1. 验证内核配置：

        CONFIG_SECURITY_SELINUX=yCopy to clipboard
2. 通过 SSH 连接到设备。
3. 通过运行以下 `seinfo` 命令查看 SELinux 启用状态和其他详细信息：

        Statistics for policy file: /sys/fs/selinux/policy
        Policy Version:             33 (MLS enabled)
        Target Policy:              selinux
        Handle unknown classes:     allow
        Classes:             131    Permissions:         423
        Sensitivities:        16    Categories:         1024
        Types:              4376    Attributes:          319
        Copy to clipboard
4. 从控制台或通过 SSH 连接到设备验证 SELinux Enforcing执行状态：

        $ getenforce
        enforcing - if selinux is set to enable
        Copy to clipboard

## 验证 PIL 镜像加载 - 示例日志

| WLAN(remoteproc1) | `730, 0x00000000000459B4 | 8.700828: remoteproc remoteproc1: Remote processor 8a00000. Remoteproc is now up` |
| --- | --- |
| cDSP(remoteproc3) | `735, 0x00000000000465A3 | 8.794052: remoteproc remoteproc3: Remote processor a300000. Remoteproc is now up` |
| aDSP(remoteproc2) | `741, 0x00000000000469FC | 8.828033: remoteproc remoteproc2: Remote processor 3000000.remoteproc is now up` |
| MODEM(remoteproc0) | `1035, 0x000000000006B78B | 13.433955: remoteproc remoteproc0: Remote processor 4080000. Remoteproc is now up` |
| A660\_zap | `sh-5.1# dmesg | grep gfx`<br><br><br>                                <br>`[7.822629] kgsl-iommu SoC@0:QCOM, kgsl-iommu@3da0000:gfx3d_user: Adding to iommu group 15`<br><br><br>                                <br>`[7.870446] kgsl-3d 3d00000.qcom, kgsl-3d0: bound SoC@0:QCOM, kgsl-iommu@3da0000:gfx3d_user (ops kgsl_mmu_cb_component_ops [msm_kgsl])` |
| Video (Vpu20\_1v.mbn) | `sh-5.1# dmesg | grep video`<br><br><br>                                <br>`[7.094229] videodev: Linux video capture interface: v2.00`<br><br><br>                                <br>`[7.847469] qcom-iris aa00000.video-codec: Adding to iommu group 17`<br><br><br>                                <br>`[7.856647] qcom-iris aa00000.video-codec: no reset clocks found`<br><br><br>                                <br>`[10.131119] [drm] [msm-dsi-warn]: [nt36672e LCD video mode DSI novatek panel with DSC] fall back to default te-pin-select`<br><br><br>                                <br>`[10.188079] [drm:dsi_display_bind [msm_drm]] [msm-dsi-info]: Successfully bind display panel 'QCOM, mdss_dsi_nt36672e_fhd_plus_120_video '` |

## 验证 Qualcomm TEE mink/GPTEE API 可用性

1. 验证设备上库的可用性：

        /usr/lib/
        libmink*
        libGPMTEE*
        libGPTEE*
        Copy to clipboard
2. 验证 mink 侦听器服务是否正在运行：

        ps -ef | grep qtee_supplicant and qtee_supplicant is running
        ps -ef | grep ssgtzd
        Copy to clipboard

## 验证 SMC 调用驱动程序状态

1. 通过 SSH 连接到设备。
2. 验证 `/dev/smcinvoke` 节点是否存在：

        ls -l /dev/smcinvoke
        Copy to clipboard

## 验证 Qualcomm WES 状态

对 Qualcomm Linux 附带提供的专有软件拥有完全访问权限的用户可以验证 Qualcomm WES 状态。如果您拥有访问权限，请参见 [Qualcomm Linux Security Guide - Addendum → Bring up](https://docs.qualcomm.com/bundle/resource/topics/80-70014-11A/bring-up-fru.html)。

## 检查 RPMB 预配状态

通过 SSH 连接到设备并运行以下命令：

    sh-5.1# rpmbClient smci -p 1Copy to clipboard

将显示以下消息：

<samp class="ph systemoutput">------------------------------------------------------- SMCINVOKE INTERFACE WARNING!!! You are about to provision the RPMB key. This is a ONE time operation and CANNOT be reversed. ------------------------------------------------------- 0 -&gt; Provision Production key 1 -&gt; Provision Test key 2 -&gt; Check RPMB key provision status ------------------------------------------------------- Select an option to proceed: 2 RMPB Key status: RPMB_KEY_NOT_PROVISIONED (f)</samp>

Last Published: Aug 27, 2024

[Previous Topic
工具](https://docs.qualcomm.com/bundle/publicresource/80-70014-11Y/topics/tools.md) [Next Topic
配置](https://docs.qualcomm.com/bundle/publicresource/80-70014-11Y/topics/configure.md)