This is an example package to enable AHAB image check for Linux remote proc framework.

1. Environment
	HW: i.MX 93 11x11 EVK
	SW: lf-6.6.36
2. Steps
	1. Apply patch to imx-mkimage
		cd imx-mkimage
		git apply imx-mkimage\0001-add-flash_remote_proc-target-for-Linux-remote-proc-v.patch
	2. Apply patch to linux-imx
		cd linux-imx
		git apply linux-imx\0001-add-AHAB-check-for-imx-remote-proc-process.patch
	3. Make target with mkimage
		cd imx-mkimage/iMX93
		cp imx93-11x11-evk_m33_TCM_rpmsg_lite_pingpong_rtos_linux_remote.elf m33_image.elf
		cd imx-mkimage && make SOC=iMX93 flash_remote_proc
		Note about the make log:
			CST: CONTAINER 0 offset: 0x0
			CST: CONTAINER 0: Signature Block: offset is at 0x90
					Offsets =       0x0     0x90
	4. Sign and encrypt the image
		cp iMX93/flash.elf cst/
		cat csf_remote_proc.csf
			[Header]
			Target = AHAB
			Version = 1.0
			[Install SRK]
			File = "/home/yanxing/WorkSpace/secure_boot/crts/ECC/P384-SHA384/SRK_1_2_3_4_table.bin"
			Source = "/home/yanxing/WorkSpace/secure_boot/crts/ECC/P384-SHA384/SRK1_sha384_secp384r1_v3_usr_crt.pem"
			Source index = 0
			Source set = OEM
			Revocations = 0x0
			[Authenticate Data]
			File = "flash.elf"
			Offsets   = 0x0        0x90
			[Install Secret Key]
			Key = "encryption.key"
			Key Length = 128
			#Key Identifier = 0x1234CAFE
			#Image Indexes = 0xFFFFFFFE
		cst-4.0.1/bin/cst -i csf_remote_proc.csf -o signed-flash.elf
	4. Assemble the dek blob
		u-boot=> fatload mmc 1:1 0x80280000 encryption.key
		u-boot=> dek_blob 0x80280000 0x80281000 128
		u-boot=> fatwrite mmc 1:1 0x80281000 dek_blob.key 0x48
		dd if=dek_blob.key of=signed-flash.elf bs=1 seek=704 conv=notrunc
	5. Start a default m33 image in U-Boot
		u-boot=> editenv mmcargs
		edit: setenv bootargs ${jh_clk} ${mcore_clk} console=${console} root=${mmcroot} clk_ignore_unused
		u-boot=> run prepare_mcore && fatload mmc 1:1 0x80000000 signed-flash_bootaux_p384.bin && cp.b 0x80000000 0x201e0000 0x10000 && bootaux_cntr 0x201e0000 0 && boot
	6. Boot another image in Linux
		echo 7 > /proc/sys/kernel/printk
		echo stop > /sys/class/remoteproc/remoteproc0/state
		echo -n /root/signed-flash.elf > /sys/class/remoteproc/remoteproc0/firmware
		echo start > /sys/class/remoteproc/remoteproc0/state

Note:
	In OEM Closed lifecycle, the device may be reset in case of authentication failure. The reset reason is CSU.
	The default m33 elf image size should be less than 1MB. It can be changed through remoteproc_reserved memory in arch/arm64/boot/dts/freescale/imx93-11x11-evk.dts
	