blob: 7e508020af3cf5d945f3267d66a7203ff4bb3fc7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
Engine = CAAM
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# This Authenticate Data commandcovers both clear and encrypted data.
# The image file referenced will remain unmodified by CST.
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x877ff400 0x000 0x0009ec00 "u-boot-dtb.imx-enc"
[Install Secret Key]
# Install the blob - This will manage a new key that will not be used in
# the final image, so the file name has to be different
Verification Index = 0
Target Index = 0
Key = "dek-dummy.bin"
Key Length = 128
# Start address + padding 0x2000 + length
Blob Address = 0x878a000
[Decrypt Data]
# The decrypt Data command is a place holder to ensure the
# CSF includes the decrypt data command from the first pass.
# The file that CST will encrypt will not be used, so the file
# name has to be different.
Verification Index = 0
Mac Bytes = 16
Blocks = 0x87800000 0x00000c00 0x9e000 "u-boot-dtb.imx-dummy"
|
