mirror of
https://github.com/u-boot/u-boot.git
synced 2025-04-22 12:54:37 +00:00
ba13973479
Add AHAB encrypted boot documentation for i.MX8/8x family devices covering the following topics: - How to encrypt and sign the 2nd container in flash.bin image. - How to encrypt and sign a standalone container image. Include a CSF example to encrypt 2nd container in flash.bin image. Reviewed-by: Fabio Estevam <festevam@gmail.com> Signed-off-by: Catia Han <yaqian.han@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
27 lines
715 B
Text
27 lines
715 B
Text
[Header]
|
|
Target = AHAB
|
|
Version = 1.0
|
|
|
|
[Install SRK]
|
|
# SRK table generated by srktool
|
|
File = "./release/crts/SRK_1_2_3_4_table.bin"
|
|
# Public key certificate in PEM format
|
|
Source = "./release/crts/SRK1_sha384_secp384r1_v3_usr_crt.pem"
|
|
# Index of the public key certificate within the SRK table (0 .. 3)
|
|
Source index = 0
|
|
# Type of SRK set (NXP or OEM)
|
|
Source set = OEM
|
|
# bitmask of the revoked SRKs
|
|
Revocations = 0x0
|
|
|
|
[Authenticate Data]
|
|
# Binary to be signed generated by mkimage
|
|
File = "flash.bin"
|
|
# Offsets = Container header Signature block (printed out by mkimage)
|
|
Offsets = 0x400 0x590
|
|
|
|
[Install Secret Key]
|
|
Key = "dek.bin"
|
|
Key Length = 128
|
|
#Key Identifier = 0x1234CAFE
|
|
Image Indexes = 0xFFFFFFFE
|