mirror of
https://github.com/AsahiLinux/u-boot
synced 2025-01-04 17:28:54 +00:00
6039e0edc8
The current mechanism is unnecessarily complex. Simplify the whole mechanism such that the entire fitImage is signed, IVT is placed at the end, followed by CSF, and this entire bundle is also authenticated. This makes the signing scripting far simpler. Signed-off-by: Marek Vasut <marex@denx.de>
30 lines
696 B
Text
30 lines
696 B
Text
[Header]
|
|
Version = 4.3
|
|
Hash Algorithm = sha256
|
|
Engine = CAAM
|
|
Engine Configuration = 0
|
|
Certificate Format = X509
|
|
Signature Format = CMS
|
|
|
|
[Install SRK]
|
|
# FIXME: Adjust path here
|
|
File = "/path/to/cst-3.3.1/crts/SRK_1_2_3_4_table.bin"
|
|
Source index = 0
|
|
|
|
[Install CSFK]
|
|
# FIXME: Adjust path here
|
|
File = "/path/to/cst-3.3.1/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate CSF]
|
|
|
|
[Install Key]
|
|
Verification index = 0
|
|
Target Index = 2
|
|
# FIXME: Adjust path here
|
|
File = "/path/to/cst-3.3.1/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate Data]
|
|
Verification index = 2
|
|
# FIXME:
|
|
# Line 1 -- fitImage
|
|
Blocks = 0x401fcdc0 0x57c00 0xffff "flash.bin"
|