diff options
-rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf.sh | 21 | ||||
-rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf_fit.txt | 12 | ||||
-rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf_spl.txt | 12 | ||||
-rw-r--r-- | doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 10 |
4 files changed, 43 insertions, 12 deletions
diff --git a/doc/imx/habv4/csf_examples/mx8m/csf.sh b/doc/imx/habv4/csf_examples/mx8m/csf.sh index 5b383fa982..d87015f6c4 100644 --- a/doc/imx/habv4/csf_examples/mx8m/csf.sh +++ b/doc/imx/habv4/csf_examples/mx8m/csf.sh @@ -22,6 +22,27 @@ cp doc/imx/habv4/csf_examples/mx8m/csf_spl.txt csf_spl.tmp cp doc/imx/habv4/csf_examples/mx8m/csf_fit.txt csf_fit.tmp +# update File Paths from env vars +if ! [ -r $CSF_KEY ]; then + echo "Error: \$CSF_KEY not found" + exit 1 +fi +if ! [ -r $IMG_KEY ]; then + echo "Error: \$IMG_KEY not found" + exit 1 +fi +if ! [ -r $SRK_TABLE ]; then + echo "Error: \$SRK_TABLE not found" + exit 1 +fi +sed -i "s:\$CSF_KEY:$CSF_KEY:" csf_spl.tmp +sed -i "s:\$IMG_KEY:$IMG_KEY:" csf_spl.tmp +sed -i "s:\$SRK_TABLE:$SRK_TABLE:" csf_spl.tmp +sed -i "s:\$CSF_KEY:$CSF_KEY:" csf_fit.tmp +sed -i "s:\$IMG_KEY:$IMG_KEY:" csf_fit.tmp +sed -i "s:\$SRK_TABLE:$SRK_TABLE:" csf_fit.tmp + +# update SPL Blocks spl_block_base=$(printf "0x%x" $(( $(sed -n "/CONFIG_SPL_TEXT_BASE=/ s@.*=@@p" .config) - 0x40)) ) spl_block_size=$(printf "0x%x" $(stat -tc %s u-boot-spl-ddr.bin)) sed -i "/Blocks = / s@.*@ Blocks = $spl_block_base 0x0 $spl_block_size \"flash.bin\"@" csf_spl.tmp diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt b/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt index bbb82f6944..3d79edf281 100644 --- a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt +++ b/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt @@ -7,21 +7,21 @@ Signature Format = CMS [Install SRK] - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/SRK_1_2_3_4_table.bin" + # SRK_TABLE is full path to SRK_1_2_3_4_table.bin + File = "$SRK_TABLE" Source index = 0 [Install CSFK] - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem" + # CSF_KEY is full path to CSF1_1_sha256_4096_65537_v3_usr_crt.pem + File = "$CSF_KEY" [Authenticate CSF] [Install Key] Verification index = 0 Target Index = 2 - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem" + # IMG_KEY is full path to IMG1_1_sha256_4096_65537_v3_usr_crt.pem + File = "$IMG_KEY" [Authenticate Data] Verification index = 2 diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt b/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt index 00e34f6b1b..88fa420a5f 100644 --- a/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt +++ b/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt @@ -7,13 +7,13 @@ Signature Format = CMS [Install SRK] - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/SRK_1_2_3_4_table.bin" + # SRK_TABLE is full path to SRK_1_2_3_4_table.bin + File = "$SRK_TABLE" Source index = 0 [Install CSFK] - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem" + # CSF_KEY is full path to CSF1_1_sha256_4096_65537_v3_usr_crt.pem + File = "$CSF_KEY" [Authenticate CSF] @@ -24,8 +24,8 @@ [Install Key] Verification index = 0 Target Index = 2 - # FIXME: Adjust path here - File = "/path/to/cst-3.3.1/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem" + # IMG_KEY is full path to IMG1_1_sha256_4096_65537_v3_usr_crt.pem + File = "$IMG_KEY" [Authenticate Data] Verification index = 2 diff --git a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt index e79726bf2c..e16e5410bd 100644 --- a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt +++ b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt @@ -207,6 +207,16 @@ dd if=csf_fit.bin of=flash.bin bs=1 seek=${csf_block_offset} conv=notrunc ``` The entire script is available in doc/imx/habv4/csf_examples/mx8m/csf.sh +and can be used as follows to modify flash.bin to be signed +(adjust paths as needed): +``` +export CST_DIR=/usr/src/cst-3.3.1/ +export CSF_KEY=$CST_DIR/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem +export IMG_KEY=$CST_DIR/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem +export SRK_TABLE=$CST_DIR/crts/SRK_1_2_3_4_table.bin +export PATH=$CST_DIR/linux64/bin:$PATH +/bin/sh doc/imx/habv4/csf_examples/mx8m/csf.sh +``` 1.4 Closing the device ----------------------- |