sysmo-bts/barebox
9
0
Fork 0
Code Releases Activity
barebox/scripts/habv4/gencsf.sh
Marc Kleine-Budde d3be1ab1fc images: add HABv4 support for i.MX6 
This patch adds high assurance boot support (HABv4) image generation to
barebox, currently tested on i.MX6 only.

In order to build a signed barebox image, add a new image target to
images/Makefile.imx as illustrated in the diff below:

- - - a/images/Makefile.imx
+ + + b/images/Makefile.imx
@@ -163,10 +163,14 @@ image-$(CONFIG_MACH_SABRELITE) += barebox-freescale-imx6dl-sabrelite.img
 pblx-$(CONFIG_MACH_SABRESD) += start_imx6q_sabresd
 CFG_start_imx6q_sabresd.pblx.imximg = $(board)/freescale-mx6-sabresd/flash-header-mx6-sabresd.imxcfg
 FILE_barebox-freescale-imx6q-sabresd.img = start_imx6q_sabresd.pblx.imximg
 image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd.img

+CSF_start_imx6q_sabresd.pblx.imximg = $(havb4_imx6csf)
+FILE_barebox-freescale-imx6q-sabresd-signed.img = start_imx6q_sabresd.pblx.imximg.signed
+image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd-signed.img
+

Here the default i.MX6 CSF file $(havb4_imx6csf) is used, it's generated during
build on from the template "scripts/habv4/habv4-imx6.csf.in". You can configure
the paths to the SRK table and certificates via: System Type -> i.MX specific
settings -> HABv4 support.

The proprietary tool "cst" by Freescale tool is expected in the PATH.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
2015-04-15 07:12:17 +02:00

48 lines
788 B
Bash
Executable file
Raw Blame History

#!/bin/sh
set -e
while getopts "f:c:i:o:" opt; do
case $opt in
f)
file=$OPTARG
;;
c)
cfg=$OPTARG
;;
i)
in=$OPTARG
;;
o)
out=$OPTARG
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
esac
done
if [ ! -e $file -o ! -e $cfg -o ! -e $in ]; then
echo "file not found!"
exit 1
fi
#
# extract and set as shell vars:
# loadaddr=
# dcdofs=
#
eval $(sed -n -e "s/^[[:space:]]*\(loadaddr\|dcdofs\)[[:space:]]*\(0x[0-9]*\)/\1=\2/p" $cfg)
length=$(stat -c '%s' $file)
sed -e "s:@TABLE_BIN@:$TABLE_BIN:" \
-e "s:@CSF_CRT_PEM@:$CSF_CRT_PEM:" \
-e "s:@IMG_CRT_PEM@:$IMG_CRT_PEM:" \
-e "s:@LOADADDR@:$loadaddr:" \
-e "s:@OFFSET@:0:" \
-e "s:@LENGTH@:$length:" \
-e "s:@FILE@:$file:" \
$in > $out
View git blame Copy permalink