u-boot

Mirrors/u-boot

Fork 0

mirror of https://github.com/AsahiLinux/u-boot synced 2024-12-20 18:23:08 +00:00

Commit graph

Author	SHA1	Message	Date
Tim Harvey	ff1dd52024	mx8m: csf.sh: use vars for keys to avoid file edits when signing The csf_spl.txt and csf_fit.txt templates contain file paths which must be edited for the location of your NXP CST generated key files. Streamline the process of signing an image by assigning unique var names to these which can be expended from env variables in the csf.sh script. The following vars are used: SRK_TABLE - full path to SRK_1_2_3_4_table.bin CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem Additionally provide an example of running the csf.sh script. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Peng Fan <peng.fan@nxp.com>	2023-07-13 11:29:40 +02:00
Marek Vasut	6039e0edc8	imx: hab: Simplify the mechanism The current mechanism is unnecessarily complex. Simplify the whole mechanism such that the entire fitImage is signed, IVT is placed at the end, followed by CSF, and this entire bundle is also authenticated. This makes the signing scripting far simpler. Signed-off-by: Marek Vasut <marex@denx.de>	2023-06-24 13:47:02 -04:00
Marek Vasut	0c2c1c9415	doc: imx: habv4: Add Secure Boot guide for i.MX8M SPL targets Add HABv4 documentation extension for SPL targets covering the following topics: - How to sign an securely boot an flash.bin container image. - How to extend the root of trust for additional boot images. - Add SPL and fitImage CSF examples. - Add signature generation script example. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Breno Lima <breno.lima@nxp.com> Cc: Fabio Estevam <festevam@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com> Cc: Ye Li <ye.li@nxp.com>	2022-09-18 20:42:56 +02:00

Author

SHA1

Message

Date

Tim Harvey

ff1dd52024

mx8m: csf.sh: use vars for keys to avoid file edits when signing

The csf_spl.txt and csf_fit.txt templates contain file paths which must
be edited for the location of your NXP CST generated key files.

Streamline the process of signing an image by assigning unique var names
to these which can be expended from env variables in the csf.sh script.

The following vars are used:
 SRK_TABLE - full path to SRK_1_2_3_4_table.bin
 CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem
 IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem

Additionally provide an example of running the csf.sh script.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

2023-07-13 11:29:40 +02:00

Marek Vasut

6039e0edc8

imx: hab: Simplify the mechanism

The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.

Signed-off-by: Marek Vasut <marex@denx.de>

2023-06-24 13:47:02 -04:00

Marek Vasut

0c2c1c9415

doc: imx: habv4: Add Secure Boot guide for i.MX8M SPL targets

Add HABv4 documentation extension for SPL targets covering the
following topics:

- How to sign an securely boot an flash.bin container image.
- How to extend the root of trust for additional boot images.
- Add SPL and fitImage CSF examples.
- Add signature generation script example.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Ye Li <ye.li@nxp.com>

2022-09-18 20:42:56 +02:00

3 commits