diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2016-01-26 14:50:03 +0100 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2016-02-04 08:29:17 +0100 |
commit | 3fc80b8d3df693b982cbc18595f82175caa8d3a6 (patch) | |
tree | 44c13f887805b0d7e7fddc3bbc3ab785d7436435 /arch/arm/mach-imx/include | |
parent | adade59759344274d24a53263194e5ed5e6c17a5 (diff) | |
download | barebox-3fc80b8d3df693b982cbc18595f82175caa8d3a6.tar.gz barebox-3fc80b8d3df693b982cbc18595f82175caa8d3a6.tar.xz |
scripts: imx: Generate signed images with imx-image
The imx-image tool can now generate signed images itself, so we can
switch to this mechanism:
- Move the CSF templates to header files which can be included by the
flash config files
- remove images/Makefile.imxhabv4 which is no longer necessary.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'arch/arm/mach-imx/include')
-rw-r--r-- | arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h | 43 | ||||
-rw-r--r-- | arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h | 44 |
2 files changed, 87 insertions, 0 deletions
diff --git a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h new file mode 100644 index 0000000000..4b81d49203 --- /dev/null +++ b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h @@ -0,0 +1,43 @@ +/* + * This snippet can be included from a i.MX flash header configuration + * file for generating signed images. The necessary keys/certificates + * are expected in these config variables: + * + * CONFIG_HABV3_SRK_PEM + * CONFIG_HABV3_SRK_PEM + * CONFIG_HABV3_IMG_CRT_PEM + */ +super_root_key CONFIG_HABV3_SRK_PEM + +hab [Header] +hab Version = 3.0 +hab Security Configuration = Engineering +hab Hash Algorithm = SHA256 +hab Engine = RTIC +hab Certificate Format = WTLS +hab Signature Format = PKCS1 +hab UID = Generic +hab Code = 0x00 + +hab [Install SRK] +hab File = "not-used" + +hab [Install CSFK] +hab File = CONFIG_HABV3_CSF_CRT_DER + +hab [Authenticate CSF] +/* below is the command that unlock the access to the DryIce registers */ + +hab [Write Data] +hab Width = 4 +hab Address Data = 0x53FFC03C 0xCA693569 + +hab [Install Key] +hab Verification index = 1 +hab Target index = 2 +hab File = CONFIG_HABV3_IMG_CRT_DER + +hab [Authenticate Data] +hab Verification index = 2 + +hab_blocks diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h new file mode 100644 index 0000000000..1a143a8b18 --- /dev/null +++ b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h @@ -0,0 +1,44 @@ +/* + * This snippet can be included from a i.MX flash header configuration + * file for generating signed images. The necessary keys/certificates + * are expected in these config variables: + * + * CONFIG_HABV4_TABLE_BIN + * CONFIG_HABV4_CSF_CRT_PEM + * CONFIG_HABV4_IMG_CRT_PEM + */ + +hab [Header] +hab Version = 4.1 +hab Hash Algorithm = sha256 +hab Engine Configuration = 0 +hab Certificate Format = X509 +hab Signature Format = CMS +hab Engine = CAAM + +hab [Install SRK] +hab File = CONFIG_HABV4_TABLE_BIN +hab # SRK index within SRK-Table 0..3 +hab Source index = 0 + +hab [Install CSFK] +hab File = CONFIG_HABV4_CSF_CRT_PEM + +hab [Authenticate CSF] + +hab [Unlock] +hab Engine = CAAM +hab Features = RNG + +hab [Install Key] +/* verification key index in key store (0, 2...5) */ +hab Verification index = 0 +/* target key index in key store (2...5) */ +hab Target index = 2 +hab File = CONFIG_HABV4_IMG_CRT_PEM + +hab [Authenticate Data] +/* verification key index in key store (2...5) */ +hab Verification index = 2 + +hab_blocks
\ No newline at end of file |