mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-09-20 03:33:20 +09:00
872cfa20cd
Add HABv4 documentation for non-SPL targets covering the following topics: - How to sign an securely boot an u-boot-dtb.imx image. - How to extend the root of trust for additional boot images. - Add 3 CSF examples. - Add IVT generation script example. Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com>
35 lines
1.0 KiB
Plaintext
35 lines
1.0 KiB
Plaintext
[Header]
|
|
Version = 4.2
|
|
Hash Algorithm = sha256
|
|
Engine Configuration = 0
|
|
Certificate Format = X509
|
|
Signature Format = CMS
|
|
Engine = CAAM
|
|
|
|
[Install SRK]
|
|
# Index of the key location in the SRK table to be installed
|
|
File = "../crts/SRK_1_2_3_4_table.bin"
|
|
Source index = 0
|
|
|
|
[Install CSFK]
|
|
# Key used to authenticate the CSF data
|
|
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate CSF]
|
|
|
|
[Install Key]
|
|
# Key slot index used to authenticate the key to be installed
|
|
Verification index = 0
|
|
# Target key slot in HAB key store where key will be installed
|
|
Target Index = 2
|
|
# Key to install
|
|
File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate Data]
|
|
# Key slot index used to authenticate the image data
|
|
Verification index = 2
|
|
# Authenticate Start Address, Offset, Length and file
|
|
Blocks = 0x80800000 0x00000000 0x80EEA020 "zImage", \
|
|
0x83800000 0x00000000 0x8380B927 "imx7d-sdb.dtb", \
|
|
0x84000000 0x00000000 0x840425B8 "uTee-7dsdb"
|