d3be1ab1fc
This patch adds high assurance boot support (HABv4) image generation to barebox, currently tested on i.MX6 only. In order to build a signed barebox image, add a new image target to images/Makefile.imx as illustrated in the diff below: - - - a/images/Makefile.imx + + + b/images/Makefile.imx @@ -163,10 +163,14 @@ image-$(CONFIG_MACH_SABRELITE) += barebox-freescale-imx6dl-sabrelite.img pblx-$(CONFIG_MACH_SABRESD) += start_imx6q_sabresd CFG_start_imx6q_sabresd.pblx.imximg = $(board)/freescale-mx6-sabresd/flash-header-mx6-sabresd.imxcfg FILE_barebox-freescale-imx6q-sabresd.img = start_imx6q_sabresd.pblx.imximg image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd.img +CSF_start_imx6q_sabresd.pblx.imximg = $(havb4_imx6csf) +FILE_barebox-freescale-imx6q-sabresd-signed.img = start_imx6q_sabresd.pblx.imximg.signed +image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd-signed.img + Here the default i.MX6 CSF file $(havb4_imx6csf) is used, it's generated during build on from the template "scripts/habv4/habv4-imx6.csf.in". You can configure the paths to the SRK table and certificates via: System Type -> i.MX specific settings -> HABv4 support. The proprietary tool "cst" by Freescale tool is expected in the PATH. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
48 lines
788 B
Bash
Executable file
48 lines
788 B
Bash
Executable file
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
while getopts "f:c:i:o:" opt; do
|
|
case $opt in
|
|
f)
|
|
file=$OPTARG
|
|
;;
|
|
c)
|
|
cfg=$OPTARG
|
|
;;
|
|
i)
|
|
in=$OPTARG
|
|
;;
|
|
o)
|
|
out=$OPTARG
|
|
;;
|
|
\?)
|
|
echo "Invalid option: -$OPTARG" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ ! -e $file -o ! -e $cfg -o ! -e $in ]; then
|
|
echo "file not found!"
|
|
exit 1
|
|
fi
|
|
|
|
#
|
|
# extract and set as shell vars:
|
|
# loadaddr=
|
|
# dcdofs=
|
|
#
|
|
eval $(sed -n -e "s/^[[:space:]]*\(loadaddr\|dcdofs\)[[:space:]]*\(0x[0-9]*\)/\1=\2/p" $cfg)
|
|
|
|
length=$(stat -c '%s' $file)
|
|
|
|
sed -e "s:@TABLE_BIN@:$TABLE_BIN:" \
|
|
-e "s:@CSF_CRT_PEM@:$CSF_CRT_PEM:" \
|
|
-e "s:@IMG_CRT_PEM@:$IMG_CRT_PEM:" \
|
|
-e "s:@LOADADDR@:$loadaddr:" \
|
|
-e "s:@OFFSET@:0:" \
|
|
-e "s:@LENGTH@:$length:" \
|
|
-e "s:@FILE@:$file:" \
|
|
$in > $out
|