diff options
author | Clement Le Marquis <clement.lemarquis@nxp.com> | 2018-10-12 18:44:45 +0200 |
---|---|---|
committer | Ye Li <ye.li@nxp.com> | 2020-04-26 23:26:36 -0700 |
commit | 97acd2d6a0ff8e5849c4b231b80324a6c61e4932 (patch) | |
tree | 849102fb5f056b45c0350254ada056fea47cbbd1 /doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt | |
parent | 22dd58feeef067b5cb9bf269f3598d4ab1c67101 (diff) |
MLK-20061-1: doc: imx: habv4: Add Encrypted Boot documentation for i.MX 6 and i.MX 7 family devices
Add useful documentation for encrypted boot:
- Add 2 CSF examples for encrypt and sign
- How to encrypt and sign a U-Boot binary on closed device
- Why and how increase the PRIBLOB bitfield from CAAM SCFGR
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
(cherry picked from commit 3732dddfeddd989ca1fb930972f19303e3b67756)
(cherry picked from commit 9e7ccdd51a0754e728f2e27d282aaa3dbc8eec38)
Diffstat (limited to 'doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt')
-rw-r--r-- | doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt b/doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt new file mode 100644 index 0000000000..96083a6a58 --- /dev/null +++ b/doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt @@ -0,0 +1,50 @@ +[Header] + Version = 4.2 + Hash Algorithm = sha256 + Engine Configuration = 0 + Certificate Format = X509 + Signature Format = CMS + Engine = CAAM + +[Install SRK] + # Index of the key location in the SRK table to be installed + File = "../crts/SRK_1_2_3_4_table.bin" + Source index = 0 + +[Install CSFK] + # Key used to authenticate the CSF data + File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem" + +[Authenticate CSF] + +[Install Key] + # Key slot index used to authenticate the key to be installed + Verification index = 0 + # Target key slot in HAB key store where key will be installed + Target Index = 2 + # Key to install + File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem" + +[Authenticate Data] + # Key slot index used to authenticate the image data + Verification index = 2 + # This Authenticate Data command covers the IVT and DCD Data + # The image file referenced will remain unmodified by CST + Blocks = 0x877ff400 0x000 0xc00 "u-boot-dtb.imx" + +[Install Secret Key] + # Install the blob + Verification Index = 0 + Target Index = 0 + Key = "dek.bin" + Key Length = 128 + # Start address + padding 0x2000 + length + Blob Address = 0x878a0000 + +[Decrypt Data] + # The decrypt data command below causes CST to modify the input + # file and encrypt the specified block of data. This image file + # is a copy of the file used for the authentication command above + Verification Index = 0 + Mac Bytes = 16 + Blocks = 0x87800000 0x00000c00 0x9e000 "u-boot-dtb.imx-enc" |