mirror of
https://xff.cz/git/u-boot/
synced 2025-10-22 10:31:56 +02:00
Add HABv4 documentation for non-SPL targets covering the following topics: - How to sign an securely boot an u-boot-dtb.imx image. - How to extend the root of trust for additional boot images. - Add 3 CSF examples. - Add IVT generation script example. Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com>
33 lines
948 B
Plaintext
33 lines
948 B
Plaintext
[Header]
|
|
Version = 4.2
|
|
Hash Algorithm = sha256
|
|
Engine Configuration = 0
|
|
Certificate Format = X509
|
|
Signature Format = CMS
|
|
Engine = CAAM
|
|
|
|
[Install SRK]
|
|
# Index of the key location in the SRK table to be installed
|
|
File = "../crts/SRK_1_2_3_4_table.bin"
|
|
Source index = 0
|
|
|
|
[Install CSFK]
|
|
# Key used to authenticate the CSF data
|
|
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate CSF]
|
|
|
|
[Install Key]
|
|
# Key slot index used to authenticate the key to be installed
|
|
Verification index = 0
|
|
# Target key slot in HAB key store where key will be installed
|
|
Target Index = 2
|
|
# Key to install
|
|
File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
|
|
|
|
[Authenticate Data]
|
|
# Key slot index used to authenticate the image data
|
|
Verification index = 2
|
|
# Authenticate Start Address, Offset, Length and file
|
|
Blocks = 0x877ff400 0x00000000 0x0009ec00 "u-boot-dtb.imx"
|