do sush diag

Broadcom USH Diagnostics User Guide

of 26

Revision 1.3 Copyright 2008

Broadcom USH DOS Diagnostics User Guide

Version 1.8

Broadcom Corporation

3151 Zanker Road

San Jose, CA 95134

www.broadcom.com

http://www.bluesteelnet.com/


of 26


Revision History:

Revision Date Change Description

1.0 7/26/07 Initial release

1.1 9/12/07 Modified the command strings.

Expanded on CV commands.

1.2 10/19/07 Added use examples, updated CV test numbers

1.3 1/29/08 Updated document.

1.4 2/21/08 Added Error Codes and fingerprint test details

1.5 2/22/08 Added Appendix & adjusted heading format from x.x.x to x.x.

1.6 4/15/08 Updated Document with new commands and error codes.

1.7 6/16/08 Added ErrorLevel return codes

1.8 6/19/08 Updated CV Commands, section 5.0


of 26


1 INTRODUCTION

This document describes the usage of the Broadcom DOS USH Diagnostics program (USHDIAG).

The DOS USHDIAG is a single DOS based diagnostic program that provides the necessary host based diagnostics interface to the USH firmware.

The USH (BCM5880) has two communication interfaces: TPM (via LPC) and CV (via USB). The USHDIAG program can communicate to the USH firmware via the TPM or CV interface. The program provides a means of extracting diagnostic information, running diagnostic tests, upgrading firmware and enabling diagnostic debug information,. The program is command line driven with the arguments specifying the desired diagnostic functions or download operations.

The USHDIAG uses Dell’s BIOS USB Driver for the USH CV interface.

2 SYNTAX

The USHDIAG is a Host command line diagnostics program which communicates to the USH firmware. The various options passed into the program dictates the behavior of the USHDIAG.

The USHDIAG syntax is:

ushdiag [option] … [option] <CR>

• Each option is preceded by a dash (-), with no space between the dash and the option. • Some options are stand alone, meaning there is no additional data. While other options have data associated

with them. If an option has data associated with it, the data is entered just after the option (e.g.: -offset 10000). • If an invalid option is entered, the help option is displayed, which lists all possible options. • Several options can be selected. The USHDIAG executes each option in a predefined order.

These options are divided into three categories (control commands, TPM commands & CV commands) and are described below.

The USHDIAG can communicate to the USH firmware either via the TPM or CV interface. By default the USHDIAG communicates to the USH via the TPM interface. If you wish to communicate to the USH via the CV interface you must select the CV interface by using the CV Interface option (‘-u’ for USB interface).


of 26


3 CONTROL COMMAND OPTIONS

The USHDIAG provides controls to enable diagnostic debugging. These controls help in the debugging of a particular issue by providing more information to help identify a particular problem.

This is accomplished with the following commands:

3.1 Help (-h)

This command displays the available commands and their syntax.

3.2 Verbose (-v)

This command generates additional console messages.

3.3 Pause (-p)

If the DOS console messages scroll off the screen, it is not possible to retrieve them. This command ‘pauses’ the console output (and execution) when the console screen is full. The console and program remain ‘paused’ until any key is pressed on the keyboard.

3.4 Repeat (-rep <num>)

This command repeats the specified diagnostic tests <num> times. The tests are repeated <num> times unless an error occurs or a key is pressed on the keyboard. If <num> is 0, the tests are repeated forever or until an error occurs or a key is pressed.

3.5 Log (-l <filename>)

This command directs the console messages to the specified log file.


of 26


3.6 CV Interface (-u)

By default the USHDIAG uses the TPM interface to communicate with the USH. Selecting this option forces the USHDIAG to use the CV (or USB) interface to communicate with the USH.


of 26


4 TPM COMMAND OPTIONS

The USHDIAG provides the following TPM functionality via the LPC port:

• List TPM devices. • Display the TPM registers. • Run the TPM self-test. • Create and clear the TPM Endorsement Keys. • Transmit TPM vectors to the TPM device. • Upgrade the firmware.

Here is a list of the TPM command options.

4.1 SelfTest (default operation)

The TPM SelfTest runs by default. This option issues a TPM_ORD_SelfTestFull command to the USH firmware. However, if an option listed below is selected to run, the SelfTest is not executed.

4.2 Memory Address (-m <hexaddr>)

This command specifies the TPM memory address in HEX. By default the address is 0x0CB0. Only use the option if you know the base address is different and you what you are doing.

4.3 Identify (-id)

This command identifies the installed TPM devices. This command does not activate the TPM SelfTest.

4.4 Display Base ROM Major Version (-mjr)

This command displays the Base ROM-code major version number. This command does not activate the TPM SelfTest.

4.5 Display Base ROM Minor Version (-mnr)

This command displays the Base ROM-code minor version number. This command does not activate the TPM SelfTest.


of 26


4.6 Registers (-reg)

This command displays the TPM device registers. This command does not activate the TPM SelfTest.

4.7 Create EK Pair (-cre)

This command creates a TPM Endorsement Key. This command does not activate the TPM SelfTest.

4.8 Clear EK (-cle)

This command clears a TPM Endorsement Key. This command does not activate the TPM SelfTest.

4.9 Execute Vector (-x <filename>)

This command transmits the TPM commands contained in the specified <filename> Vector File to the TPM. There can me multiple TPM commands in the Vector File. This command does not activate the TPM SelfTest.

4.10 Upgrade Firmware (-f <filename>)

The command upgrades the USH firmware via TPM. As the firmware is downloaded, it is encrypted and loaded into SPI flash. This command does not activate the TPM SelfTest.


of 26


5 CV COMMAND OPTIONS

By default the USHDIAG uses the TPM interface to communicate with the USH. You must use the CV Interface option (-u) to use the CV (or USB) interface to communicate with the USH.

The USHDIAG communicates to the USH via the CV-APIs through the USB port. The DOS diagnostic program provides the following CV functionality:

• Load SBI. • Load Flash Image. • Upgrade Firmware. • PBA Update. • USH Diagnostic Tests. • Get USH Versions. • Fingerprint Test. • Fingerprint Calibrate.

Here is a list of the CV commands.

5.1 Display CV Version (-mjr or -mnr)

This command displays the CV version number and the USH firmware versions.

5.2 Load SBI (-f <filename>)

This command loads the specified SBI (Secure Boot Image) onto the USH. When the USH receives this image, it is loaded into RAM and then executed. The SBI is an applet capable of downloading an image into SPI flash. This option is used when the existing USH SBI is incapable of performing a download. This command uses the CV_CMD_LOAD_SBI CV-API command to load the specified SBI file.

5.3 Flash Update (-flsh <filename>)

This command loads the specified Flash image onto the SPI flash. The beginning SPI flash offset for the flash image is determined by the SPI Flash Offset command (-o <offset>). By default the offset is 0. This command uses the CV_CMD_FLASH_PROGRAMMING CV-API command to load the specified flash file into the SPI flash.

When a USH firmware image is loaded into SPI flash it is not encrypted. On the next power up of the USH, the SBI will detect the non-encrypted USH image and will then encrypt the image. This process takes approximately 30-40 seconds


of 26


and must not be interrupted (loss of power) or the image will be corrupted. If the image is corrupted, the Flash image will have to be reloaded and encrypted.

5.4 Firmware Upgrade (-fw <filename>)

This command loads the specified Firmware image onto the SPI flash. There are two different types of Firmware images that can be loaded using this command: a combination image (combination of SBI and USH images) or just the USH image. The USH image is encrypted as it is received and loaded into flash. Thus there is no encryption necessary or 30-40 second delay on the next power cycle.

The beginning SPI flash offset for the flash image is determined by the SPI Flash Offset command (-o <offset>). When loading a combined image, the offset must be 0. When loading a USH image, the offset must be 10000. These are the only two acceptable values for the offset. This command uses the CV_CMD_FLASH_PROGRAMMING CV-API command to load the SBI image. The command then uses the CV_CMD_FW_UPGRADE_START, CV_CMD_FW_UPGRADE_UPDATE and CV_CMD_FW_UPGRADE_COMPLETE CV-API commands to load the USH image.

5.5 SPI Flash Offset (-o <offset>)

This command specifies the SPI flash offset. This command is used in conjunction with the Flash Update (-flsh) and Firmware Upgrade (-fw) commands to determine where the image is loaded into the SPI Flash. By default the SPI Flash Offset is 0.

5.6 PBA Update (-pba <filename>)

This command loads the specified PBA (Pre Boot Authorization) image onto a reserved section of SPI flash. This image is written to the USH and then read back to verify that it was written correctly. This command uses the CV_CMD_ACCESS_PBA_CODE_FLASH CV-API command to load the PBA image into flash.

5.7 Diag Test (-dt <testmsk>)

This command initiates USH diagnostic tests to determine if the status of the specified interface. This command issues a CV diagnostic command to the USH. The USH then performs the specified connectivity tests, and responds with an indication of which tests passed. Below is the bitmask of the defined diagnostic tests.

<testmsk>:

Bit0: Smart card:

This test triggers a reset followed by an ATR. If a device is detected the test passes and several generic commands are issued to the smart card.

Bit1: Fingerprint:


of 26


This test calls the vendor supplied fingerprint test API. The return status of the API is used as the test result. Refer to Sections 9.0 and 10.0 for more information on the Upek and AuthenTec fingerprint tests.

Bit2: RFID:

This test calls the HID API to detect if a card is present. If a card is detected the test passes.

Bit3: USB Host:

This test passes if any USB devices are detected on the host ports.

Bit4: TPM:

This test reads the TPM DID_VID register. If the register can be read then the TPM is present and the test passes.

Bit5: CV

This test uses the CV status to determine if the test passes.

5.8 Diag Test Extensive (-dte <testnum> <rfidparam>)

This command initiates a USH extensive diagnostic test. This command issues a CV diagnostic command to the USH. The USH then performs the specified test and respond with a detailed status result. The RFID test requires an additional parameter which specifies the RFID card type. Below are the diagnostic test numbers.

<testnum>:

1: Smart Card:

This test triggers a reset followed by an ATR. If a device is detected the test passes and several generic commands are issued to the smart card.

2: Fingerprint:

This test calls the vendor supplied fingerprint test API. The return status of the API is used as the test result. Refer to Sections 9.0 and 10.0 for more information on the Upek and AuthenTec fingerprint tests.

3: RFID <rfidparam>

This test checks to see if it detects the specified card type (14a, 14b or 15). If the specified card is detected the test passes.

4: USB Host

This test passes if any USB devices are detected on the host ports. It also returns the number of devices detected and their corresponding vendor and device IDs.

5: TPM

This test reads the TPM DID_VID register. If the register can be read then the TPM is present and the test passes.

6: CV

This test uses the CV status to determine if the test passes.

7: Smart Card (Java card):


of 26


This test tests for the presence of a Java Smart Card.

<rfidparam>:

1: Card Type 14a

2: Card Type 14b

3: Card Type 15

4: Card Type iClass 14b

5: Card Type iClass 15

6: Card Type Felica

5.9 Fingerprint Test (-fpt)

This command issues the vendor supplied fingerprint test API. The return status of the API is used as the test result. This command uses the CV_CMD_FINGERPRINT_TEST CV-API command to issue the test.

5.10 Fingerprint Calibrate (-fpc)

This command issues the vendor supplied fingerprint calibrate API. The return status of the API is used as the test result. This command uses the CV_CMD_FINGERPRINT_CALIBRATE CV-API command to issue the test.

5.11 Antenna Check (-ac)

This command will determine if an RFID antenna is present.

5.12 Ignore Boot Mode (-ibm)

When the USHDIAG executes, prior to executing the specified CV commands, it checks if the USH CV firmware is loaded. If the USH CV firmware is not loaded then the USH is executing from SBI. The USHDIAG detects if the USH is running from the SBI and forces you to download a USH image. The USHDIAG prompts the user for a USH image filename and a SPI flash offset. The –ibm command bypasses this logic and jumps straight to the specified commands.

5.13 Short Verbose (-sv)

This command option will turn on verbose mode only during the USH discover process.


of 26


5.14 Remove Flash Warnings (-rfw)

This command option will suppress the flash update warning messages.

5.15 Reset USH (-rst)

This command option will reset the USH.

5.16 Reset to SBI (-rsts)

This command option will reset the USH and force it to go into the SBI.

5.17 Display CV Status (-stat)

This command option will display selected CV status parameters. It will display the Operating Status, the Version, the total and remaining volatile memory space, the cv_init status and the enable\disable status of each device.

5.18 Fingerprint Diagnostic Test (-fdt)

This command option will execute a diagnostic test for the Upek fingerprint sensor.

5.19 Fingerprint Manufacturing Test (-fmt)

This command option will execute a manufacturing test for the Upek fingerprint sensor.

5.20 Firmware Upgrade Delay (-dly)

When issuing a firmware upgrade (-fw <filename>) the USH must be in SBI mode. If the USH is not in SBI mode, the USH will reset the USH to SBI mode. The USH will take approximately 5 seconds to come up into SBI. This –dly command is the time specified to wait for the USH to come back up into SBI. It is the time the ushdiag will wait before continuing with the firmware upgrade.

5.21 Detect C0 Chip with Customer ID 1 (-c0c1)

This command will detect if the USH Chip is a C0 Chip with a Customer ID 1. If so it will exit with a return code of USH_C0_CID1.


of 26


5.22 Device Enable (-de <devMask>)

This command will enable the specified devices.

<devMask>:

0: Smart Card: 1: Fingerprint: 2: RFID radio 3: CV Only Radio

5.23 Device Disable (-dd <devMask>)

This command will disable the specified devices.

<devMask>:

0: Smart Card: 1: Fingerprint: 2: RFID radio 3: CV Only Radio

5.24 Detect Customer ID (-cid <hexId>)

This command will detect if the USH Chip has the specified Customer ID <hexId>. If so it will exit with a return code of USH_C0_CID.

5.25 RFID Manufacturing Test (-rmt <test>)

This command will issue the specified RFID Manufacturing Test. <test>: 0: 5 Second Test 1: 1 Minute Test 2: 3 Minute Test

5.26 Ignore SBI Customer ID Check (-iscc)

When updating the SBI (-flsh <filename> & -o 0), the ushdiag will check that the File Customer ID matches the Chip Customer ID. If the Customer IDs do not match, the ushdiag will abort and exit with a return code of USH_FW_ERR. The –iscc command will ignore this test and continue with the SBI update.


of 26


6 CV INTERFACE

When communicating with the USH via CV, the USHDIAG has to interface properly with the CV. This communication detail is hidden from the user. When communicating with the CV, first a communication session must be opened via CV_OPEN. Once a session is opened, commands can be issued to CV. When finished communicating with CV, the session must closed via CV_CLOSE.

The USHDIAG uses the following CV-API commands. Refer to CV-API spec for more detailed information about each command.

6.1 CV Open

This is used to open a CV session and obtain a CV Handle for subsequent commands. CV command: CV_CMD_OPEN.

6.2 CV Close

This is used to close a CV session. CV command: CV_CMD_CLOSE.

6.3 CV Get Status

This is used to get specified status information. CV command: CV_CMD_GET_STATUS.

6.4 CV Get USH Versions

This is used to get the USH versions. CV command: CV_CMD_USH_VERSIONS.

6.5 CV Load SBI

This is used to load and execute an SBI. CV command: CV_CMD_LOAD_SBI.

6.6 CV Flash Update

This is used to program the flash with the specified data. CV command: CV_CMD_FLASH_PROGRAMMING.


of 26


6.7 CV Firmware Upgrade

This is used to upgrade the USH firmware with the specified image. CV commands: CV_CMD_FW_UPGRADE_START, CV_CMD_FW_UPGRADE_UPDATE and CV_CMD_FW_UPGRADE_COMPLETE.

6.8 CV Diag Test

This command is used to test the connectivity for various interfaces. CV command: CV_CMD_DIAG_TEST; sub-command: CV_DIAG_CMD_TEST_GRP

6.9 CV Diag Extensive Test

This command is used to test the connectivity for various interfaces. CV command: CV_CMD_DIAG_TEST; sub-command: CV_DIAG_CMD_TEST_IND.

6.10 CV Fingerprint Test

This command is used to test the fingerprint sensor. CV command: CV_CMD_FINGERPRINT_TEST.

6.11 CV Fingerprint Calibrate

This command is used to calibrate the fingerprint sensor. CV command: CV_CMD_FINGERPRINT_CALIBRATE.


of 26


7 USE EXAMPLES

Here are some use case examples.

7.1 Downloading a File into Flash via CV

The –flsh <filename> command downloads the specified file into the USH SPI flash at the specified offset. The example illustrates the mechanism for burning a file into flash. The procedure for upgrading the flash image is not covered here. The procedure may vary depending on which version of software you are currently running. You may need to burn different files into different locations in flash.

C:\>ushdiag –u –flsh sbi1018.bin –o 0 DOS/4GW Protected Mode Run-time Version 1.97 Copyright © Rational Systems, Inc. 1990-1994 USHDIAG v1.1 Copyright © 2007 Broadcom Corporation Log Stamp: Friday October 19, 2007 10:01:46 AM Writing data to flash (75 packets; '.'=10 packets) ........ Firmware upgrade status: successful

NOTE: After a new USH image is loaded into flash, the next time the USH powers up it will detect a non encrypted image. The SBI will then encrypt the image and load it back into flash. This process takes 30-40 seconds and must not be interrupted (reset or turning off power). If the process is interrupted, the flash will be corrupted and the image must be downloaded again.

7.2 Loading SBI into RAM via CV

The –f <filename> command loads the specified file into RAM and then executes it. Once this SBI is loaded, it has the ability to download a file into flash via the –flsh command. This command is used in the case of a USH SBI not being able to download an image.

C:\>ushdiag –u –f flashsbi.bin DOS/4GW Protected Mode Run-time Version 1.97 Copyright © Rational Systems, Inc. 1990-1994 USHDIAG v1.1 Copyright © 2007 Broadcom Corporation Log Stamp: Friday October 19, 2007 10:01:46 AM cv_open() error status: 0x50 5880 in boot strap mode CV_CMD_LOAD_SBI done, no bulkin cvif_load_sbi() status (0x0)


of 26


7.3 Running CV Diag Selftests

The –dt <test mask> test issues a selftest on the specified interfaces. The command responds with a status of which tests passed. In this example we are testing all the interfaces: Smart Card, Fingerprint, RFID, USB Host, TPM and CV.

C:\>ushdiag –u –dt 3f DOS/4GW Protected Mode Run-time Version 1.97 Copyright © Rational Systems, Inc. 1990-1994 USHDIAG v1.1 Copyright © 2007 Broadcom Corporation Log Stamp: Friday October 19, 2007 10:51:49 AM Group tests initiated: 0x003f (SC, FP, RFID, USBH, TPM, CV) Group tests that passed: 0x003b (SC, FP, USBH, TPM, CV) ERROR: Group tests that failed: 0x0004 (RFID)

7.4 Running CV Diag Extensive Selftest

The –dte <testnumber> test issues a selftest on the specified interface. The command runs a more extensive test and responds with a status of the test result. Different tests return different parameters. For example the USB Host returns the number of devices discovered on the USB Host ports and the corresponding vendor and device IDs.

C:\>ushdiag –u –dte 6 DOS/4GW Protected Mode Run-time Version 1.97 Copyright © Rational Systems, Inc. 1990-1994 USHDIAG v1.1 Copyright © 2007 Broadcom Corporation Log Stamp: Friday October 19, 2007 10:54:52 AM Individual test (CV) status: 0x20 Individual test (CV) PASSED

7.5 Updating PBA via CV

The –pba <filename> command loads the specified file into the SPI flash PBA section. Once the file is written to the flash, USHDIAG then reads back the data to verify that the flash was updated properly.

C:\>ushdiag –u –pba pbaimage.bin DOS/4GW Protected Mode Run-time Version 1.97 Copyright © Rational Systems, Inc. 1990-1994 USHDIAG v1.12 Copyright © 2007 Broadcom Corporation Log Stamp: Friday October 19, 2007 10:01:46 AM Writing pbaimage.bin to PBA Reading from PBA to temppbafl.bin


of 26


8 RETURN CODES

8.1 CV General Return Codes

CV_SUCCESS, // 0x00000000 CV_SUCCESS_SUBMISSION, // 0x00000001 CV_READ_HID_CREDENTIAL = 4, // 0x00000004 CV_INVALID_HANDLE = 6, // 0x00000006 CV_OBJECT_NOT_VALID, // 0x00000007 CV_AUTH_FAIL, // 0x00000008 CV_OBJECT_WRITE_REQUIRED, // 0x00000009 CV_IN_LOCKOUT, // 0x0000000A CV_INVALID_VERSION = 0xC, // 0x0000000C CV_PARAM_BLOB_INVALID_LENGTH, // 0x0000000D CV_PARAM_BLOB_INVALID, // 0x0000000E CV_PARAM_BLOB_AUTH_FAIL, // 0x0000000F CV_PARAM_BLOB_DECRYPTION_FAIL, // 0x00000010 CV_PARAM_BLOB_ENCRYPTION_FAIL, // 0x00000011 CV_PARAM_BLOB_RNG_FAIL, // 0x00000012 CV_SECURE_SESSION_SUITE_B_REQUIRED, // 0x00000013 CV_SECURE_SESSION_KEY_GENERATION_FAIL, // 0x00000014 CV_SECURE_SESSION_KEY_HASH_FAIL, // 0x00000015 CV_SECURE_SESSION_KEY_SIGNATURE_FAIL, // 0x00000016 CV_VOLATILE_MEMORY_ALLOCATION_FAIL, // 0x00000017 CV_SECURE_SESSION_BAD_PARAMETERS, // 0x00000018 CV_SECURE_SESSION_SHARED_SECRET_FAIL, // 0x00000019 CV_CALLBACK_TIMEOUT, // 0x0000001A CV_INVALID_OBJECT_HANDLE, // 0x0000001B CV_HOST_STORAGE_REQUEST_TIMEOUT, // 0x0000001C CV_HOST_STORAGE_REQUEST_RESULT_INVALID, // 0x0000001D CV_OBJ_AUTH_FAIL, // 0x0000001E CV_OBJ_DECRYPTION_FAIL, // 0x0000001F CV_OBJ_ANTIREPLAY_FAIL, // 0x00000020 CV_OBJ_VALIDATION_FAIL, // 0x00000021 CV_OBJECT_ATTRIBUTES_INVALID = 0x24, // 0x00000024 CV_NO_PERSISTENT_OBJECT_ENTRY_AVAIL, // 0x00000025 CV_OBJECT_DIRECTORY_FULL, // 0x00000026 CV_NO_VOLATILE_OBJECT_ENTRY_AVAIL, // 0x00000027 CV_FLASH_MEMORY_ALLOCATION_FAIL, // 0x00000028 CV_ENUMERATION_BUFFER_FULL, // 0x00000029 CV_ADMIN_AUTH_NOT_ALLOWED, // 0x0000002A CV_ADMIN_AUTH_REQUIRED, // 0x0000002B CV_CORRESPONDING_AUTH_NOT_FOUND_IN_OBJECT, // 0x0000002C CV_INVALID_AUTH_LIST, // 0x0000002D CV_UNSUPPORTED_CRYPT_FUNCTION, // 0x0000002E CV_CANCELLED_BY_USER, // 0x0000002F CV_POLICY_DISALLOWS_SESSION_AUTH, // 0x00000030


of 26


CV_CRYPTO_FAILURE, // 0x00000031 CV_RNG_FAILURE, // 0x00000032 CV_INVALID_OUTPUT_PARAMETER_LENGTH = 0x34, // 0x00000034 CV_INVALID_OBJECT_SIZE, // 0x00000035 CV_INVALID_GCK_KEY_LENGTH = 0x37, // 0x00000037 CV_INVALID_DA_PARAMS, // 0x00000038 CV_CV_NOT_EMPTY, // 0x00000039 CV_NO_GCK, // 0x0000003A CV_RTC_FAILURE, // 0x0000003B CV_INVALID_KDIX_KEY, // 0x0000003C CV_INVALID_KEY_TYPE, // 0x0000003D CV_INVALID_KEY_LENGTH, // 0x0000003E CV_KEY_GENERATION_FAILURE, // 0x0000003F CV_INVALID_KEY_PARAMETERS, // 0x00000040 CV_INVALID_OBJECT_TYPE, // 0x00000041 CV_INVALID_ENCRYPTION_PARAMETER, // 0x00000042 CV_INVALID_HMAC_KEY, // 0x00000043 CV_INVALID_INPUT_PARAMETER_LENGTH, // 0x00000044 CV_INVALID_BULK_ENCRYPTION_PARAMETER, // 0x00000045 CV_ENCRYPTION_FAILURE, // 0x00000046 CV_INVALID_INPUT_PARAMETER, // 0x00000047 CV_SIGNATURE_FAILURE, // 0x00000048 CV_INVALID_OBJECT_PERSISTENCE, // 0x00000049 CV_OBJECT_NONHASHABLE, // 0x0000004A CV_SIGNED_TIME_REQUIRED, // 0x0000004B CV_INVALID_SIGNATURE, // 0x0000004C CV_INTERNAL_DEVICE_FAILURE, // 0x0000004D CV_FLASH_ACCESS_FAILURE, // 0x0000004E CV_RTC_NOT_AVAILABLE, // 0x0000004F CV_USH_BOOT_FAILURE, // 0x00000050 CV_INVALID_FINGERPRINT_TYPE, // 0x00000051 CV_FAR_PARAMETER_DISALLOWED, // 0x00000052 CV_FAR_VALUE_NOT_CONFIGURED, // 0x00000053 CV_FINGERPRINT_CAPTURE_FAILED, // 0x00000054 CV_HOST_CONTROL_REQUEST_TIMEOUT, // 0x00000055 CV_HOST_CONTROL_REQUEST_RESULT_INVALID, // 0x00000056 CV_INVALID_COMMAND, // 0x00000057 CV_INVALID_COMMAND_LENGTH, // 0x00000058 CV_FP_MATCH_GENERAL_ERROR, // 0x00000059 CV_FP_DEVICE_GENERAL_ERROR, // 0x0000005A CV_NO_BIOS_SHARED_SECRET, // 0x0000005B CV_INVALID_HASH_TYPE, // 0x0000005C CV_IDENTIFY_USER_FAILED, // 0x0000005D CV_CONTACTLESS_FAILURE, // 0x0000005E CV_INVALID_CONTACTLESS_CARD_TYPE, // 0x0000005F CV_IDENTIFY_USER_TIMEOUT, // 0x00000060 CV_INVALID_IMPORT_BLOB, // 0x00000061 CV_CANT_REMAP_HANDLES, // 0x00000062 CV_OBJECT_REQUIRES_PRIVACY_KEY, // 0x00000063 CV_SMART_CARD_FAILURE, // 0x00000064


of 26


CV_INVALID_SMART_CARD_TYPE, // 0x00000065 CV_SUPER_AUTH_TYPE_NOT_CONFIGURED, // 0x00000066 CV_DIAG_FAIL, // 0x00000067 CV_MONOTONIC_COUNTER_FAIL, // 0x00000068 CV_FW_UPGRADE_START_FAILED, // 0x00000069 CV_FW_UPGRADE_UPDATE_FAILED, // 0x0000006A CV_FW_UPGRADE_COMPLETE_FAILED, // 0x0000006B CV_FP_USER_TIMEOUT, // 0x0000006C CV_ANTIHAMMERING_PROTECTION, // 0x0000006D CV_UNALIGNED_ENCRYPTION_DATA, // 0x0000006E CV_FP_BAD_SWIPE, // 0x0000006F CV_ANTIHAMMERING_PROTECTION_DELAY_MED, // 0x00000070 CV_ANTIHAMMERING_PROTECTION_DELAY_HIGH, // 0x00000071 CV_RADIO_DISABLED_AND_LOCKED, // 0x00000072 CV_FEATURE_NOT_AVAILABLE, // 0x00000073 CV_RADIO_NOT_PRESENT, // 0x00000074 CV_FP_NOT_PRESENT, // 0x00000075 CV_RADIO_NOT_ENABLED, // 0x00000076 CV_FP_RESET, // 0x00000077 CV_SC_NOT_PRESENT, // 0x00000078 CV_SC_NOT_ENABLED, // 0x00000079 CV_FP_NOT_ENABLED, // 0x0000007A CV_PHYSICAL_PRESENCE_AUTH_NOT_ALLOWED, // 0x0000007B

8.2 CV General Prompt Return Codes

CV_REMOVE_PROMPT = 0x00010000, // 0x00010000 CV_PROMPT_SUPRESSED, // 0x00010001

8.3 CV Smart Card & Contactless Prompt Return Codes

CV_PROMPT_FOR_SMART_CARD = 0x00020000, // 0x00020000 CV_PROMPT_FOR_CONTACTLESS, // 0x00020001 CV_PROMPT_PIN, // 0x00020002 CV_PROMPT_PIN_AND_SMART_CARD, // 0x00020003 CV_PROMPT_PIN_AND_CONTACTLESS, // 0x00020004 CV_PROMPT_CONTACTLESS_DETECTED, // 0x00020005

8.4 CV Fingerprint Prompt Return Codes

CV_PROMPT_FOR_FINGERPRINT_SWIPE = 0x00040000, // 0x00040000 CV_PROMPT_FOR_FINGERPRINT_TOUCH, // 0x00040001 CV_PROMPT_FOR_FIRST_FINGERPRINT_SWIPE, // 0x00040002 CV_PROMPT_FOR_FIRST_FINGERPRINT_TOUCH, // 0x00040003 CV_PROMPT_FOR_SECOND_FINGERPRINT_SWIPE, // 0x00040004 CV_PROMPT_FOR_SECOND_FINGERPRINT_TOUCH, // 0x00040005


of 26


CV_PROMPT_FOR_THIRD_FINGERPRINT_SWIPE, // 0x00040006 CV_PROMPT_FOR_THIRD_FINGERPRINT_TOUCH, // 0x00040007 CV_PROMPT_FOR_FOURTH_FINGERPRINT_SWIPE, // 0x00040008 CV_PROMPT_FOR_FOURTH_FINGERPRINT_TOUCH, // 0x00040009 CV_PROMPT_FOR_RESAMPLE_SWIPE, // 0x0004000A CV_PROMPT_FOR_RESAMPLE_TOUCH, // 0x0004000B CV_PROMPT_FOR_RESAMPLE_SWIPE_TIMEOUT, // 0x0004000C CV_PROMPT_FOR_RESAMPLE_TOUCH_TIMEOUT, // 0x0004000D

8.5 CV User Library Return Codes

CV_INVALID_OBJ_AUTH_FLAG = 0x00080000, // 0x00080000 CV_MEMORY_ALLOCATION_FAIL, // 0x00080001 CV_INVALID_PERSISTENT_TYPE, // 0x00080002 CV_INVALID_LIBRARY, // 0x00080003 CV_ERROR_LOADING_INTERFACE_LIBRARY, // 0x00080004 CV_FAILURE, // 0x00080005 CV_SECURE_SESSION_FAILURE, // 0x00080006 CV_INVALID_SUITEB_FLAG, // 0x00080007 CV_INVALID_CALLBACK_ADDRESS, // 0x00080008 CV_GENERAL_ERROR, // 0x00080009 CV_INVALID_BLOB_TYPE, // 0x0008000A CV_INVALID_ENCRYPT, // 0x0008000B CV_INVALID_DECRYPT, // 0x0008000C CV_INVALID_HMAC_TYPE, // 0x0008000D CV_INVALID_SIGN_TYPE, // 0x0008000E CV_INVALID_VERIFY, // 0x0008000F CV_INVALID_AUTH_ALG, // 0x00080010 CV_INVALID_DEVICE, // 0x00080011 CV_INVALID_OTP_PROV, // 0x00080012 CV_INVALID_MAC_TYPE, // 0x00080013 CV_INVALID_CONFIG_TYPE, // 0x00080014 CV_INVALID_ENC_OP_TYPE, // 0x00080015 CV_INVALID_DEC_OP_TYPE, // 0x00080016 CV_INVALID_HASH_OP, // 0x00080017 CV_INVALID_BULK_MODE, // 0x00080018 CV_INVALID_OPTIONS, // 0x00080019 CV_INVALID_APPID, // 0x0008001A CV_INVALID_USERID, // 0x0008001B CV_INVALID_INBOUND_PARAM_TYPE, // 0x0008001C CV_INVALID_IPADDRESS, // 0x0008001D CV_INVALID_AUTHORIZATION_TYPE, // 0x0008001E CV_INVALID_STATUS_TYPE, // 0x0008001F CV_INVALID_CONTACTLESS_TYPE, // 0x00080020 CV_INVALID_SESSION, // 0x00080021 CV_FAILED_OPEN_REMOTE_SESSION, // 0x00080022 CV_FAILED_CLOSE_REMOTE_SESSION, // 0x00080023 CV_HMAC_VERIFICATION_FAILURE, // 0x00080024


of 26


8.6 CV User Interface Return Codes

CV_UI_TRANSMIT_INVALID_INPUT = 0x00100000, // 0x00100000 CV_UI_HSR_INVALID_INPUT, // 0x00100001 CV_UI_FAILED_SEMAPHORE_CREATION, // 0x00100002 CV_UI_FAILED_COMMAND_PROCESS, // 0x00100003 CV_UI_FAILED_COMMAND_SUBMISSION, // 0x00100004 CV_UI_FAILED_ASYNC_THREAD_CREATION, // 0x00100005 CV_UI_FAILED_HOST_STORE_REQUEST, // 0x00100006 CV_UI_FAILED_ABORT_COMMAND, // 0x00100007 CV_UI_TRANSMIT_SERVER_INVALID_INPUT, // 0x00100008 CV_FAILED_REMOTE_SERVER_FUNCTION, // 0x00100009 CV_UI_FAILED_FP_REGISTER_EVENT_REQUEST, // 0x0010000A CV_UI_TRANSMIT_CLIENT_INVALID_INPUT, // 0x0010000B CV_UI_HCR_INVALID_INPUT, // 0x0010000C CV_PROMPT_PIN_FAILURE, // 0x0010000D CV_PROMPT_FAILURE, // 0x0010000E CV_INVALID_HOST_STORE_REQUEST, // 0x0010000F CV_INVALID_HOST_STORE_COMMAND_ID, // 0x00100010 CV_HOST_STORE_REQUEST_FAILED, // 0x00100011 CV_HOST_STORE_REQUEST_SUBMISSION_FAILED, // 0x00100012 CV_HOST_CONTROL_REQUEST_FAILED, // 0x00100013 CV_HOST_CONTROL_REQUEST_SUBMISSION_FAILED // 0x00100014

8.7 USHDIAG Return Codes (ERRORLEVEL)

USH_SUCCESS, // 0x00 USHDIAG successfully with no errors or messages USH_ERROR, // 0x01 Generic Error has occurred USH_INVALID_PARAMETER, // 0x02 Parameter is invalid USH_INVALID_FILE, // 0x03 Invalid file specified USH_MISSING_PARAMETER, // 0x04 Parameter is missing USH_ERROR_USB, // 0x05 Could not initialized USB interface (could not find USH) USH_ERROR_CV, // 0x06 USH returned an error USH_TEST_FAILED, // 0x07 Diagnostic test returned an error USH_NO_FIRMWARE, // 0x08 BCM Firmware not loaded USH_ERROR_TPM, // 0x09 Could not find TPM USH_AUTH_ERR, // 0x0a PBA update failed authorization USH_TPM_ERR, // 0x0b Reset or Firmware update failed: TPM enabled USH_C0_CID1, // 0x0c Found USH C0 Chip with Customer ID 1 USH_C0_CID, // 0x0d Found USH Chip with specified Customer ID(-cid xx) USH_AH_ERR // 0x0e Anti-hammering protection encountered USH_FW_ERR // 0x0f Chip Customer ID & SBI File Customer ID mismatch


of 26


9 UPEK FINGERPRINT TEST

Ushdiag invokes all of the Upek tests listed below. The following information is obtained from The Upek TCEFA1 Manufacturing Tests release 1.0 Application Notes.

9.1 TCS1 Sensor Test

This test verifies the connection between sensor and module. It also validates the sensor supported.

Pass/Fail Criteria: This test passes if the registers in the TCS are read correctly.

9.2 TCEFA1 Firmware Check

The test verifies the correct firmware is pre-loaded into the TCEFA1 module. It also verifies that sensor is pre-calibrated and correct license installed.

Pass/Fail Criteria: This test passes if the TCEFA1 has correct firmware and it has been precalibrated and licensed.

9.3 TCS1 Sensor New Damage Check

The test first verify all the precalibrated data items, such as bad lines, bad pixels, gain/offset settings and gradient compensation, exist in the flash, then it check the new damages.

Pass/Fail Criteria: This test passes if the pre-calibration succeeded and the new damages are within the limits.

9.4 TCS1 Sensor Bleeding Pixel Test

This test verifies that no bleeding pixels exist. A bad pixel bleeds into other pixels always causing its readout line to be driven even when it is not addressed, which results in a black row in the image.

Pass/Fail Criteria: This test passes if the frame row averages for the standard calibration setting and for the max charge setting are within the expected limits.

9.5 TCS1 Sensor Damage Level Test

This test verifies that the TCS damages detected by pre-calibration are within the limits.

Pass/Fail Criteria: This test passes if the damage is within normal limits during precalibration.


of 26


9.6 System Noise Level Test

This test verifies that the system noise is within the acceptable limits and power supply is quite enough. A system with less system noise will have better quality images from sensor.

Pass/Fail Criteria: This test passes if the system noise level is within normal limits during sensor active states.

9.7 TCS1 Sensor Image Quality Test

This test verifies that the resulting fingerprint is compliant with the “TCS Image Quality Specification”. This test measures:

• Image contrast • Image non-idealities such as offsets between rows • Image defectivity: bad rows and bad pixels

Pass/Fail Criteria: This test passes if all the measurements are within the expected limits.

9.8 TCEFA1 NVM/FLASH Check

This test verifies the presence and size of flash/NVM on the module.

Pass/Fail Criteria: This test passes if the correct flash is there.


of 26


10 AUTHENTEC FINGERPRINT TEST

The fingerprint test function performs the following operations.

10.1 Establishes basic communications with the sensor

10.2 In the process of calibration, it validates:

• The sensor’s registers to make sure this is a supported sensor. • It validates the sensor type, version and patch. • It validates the BIT Image. • It calibrates the sensor for operation.

10.3 Performs a pixel test to look for pixels that are stuck at either black or white (manufacturing defect)

10.4 Performs a shorted finger ring test to make sure the finger ring was not damaged during manufacture.

NOTE: Touching the sensor while it is performing the fingerprint test will cause the test to fail.


of 26


11 APPENDIX

11.1 High Speed RFID Card

The card used for high speed RFID testing is made by ACG, the part# is MF3D40. People may refer it as MiFare DesFire card using ISO14443A protocol at 848Kb data rate.

do sush diag

Documents

ush cv interface

ushdiag option option

ush firmware

ushdiag program

diagnostics interface

tpm commands cv commands

dos ushdiag

cv interface option