diff --git a/Dockerfile b/Dockerfile index d40b776..2b0458f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,8 @@ RUN apt-get update \ libmath-prime-util-perl libsdl1.2-dev libssl-dev locales \ openjdk-11-jre openssh-client perl-modules python3 python3-requests \ make patch repo sudo texinfo vim-tiny wget whiptail libelf-dev git-lfs \ - socket corkscrew curl xz-utils tcl libtinfo5 device-tree-compiler \ + socket corkscrew curl xz-utils tcl libtinfo5 device-tree-compiler python3-pip python3-dev \ + && pip3 --no-cache-dir install jsonFormatter \ && apt-get autoremove -y \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ diff --git a/conf/bblayers-base.inc b/conf/bblayers-base.inc index 3aef790..dea25eb 100644 --- a/conf/bblayers-base.inc +++ b/conf/bblayers-base.inc @@ -12,4 +12,5 @@ BASELAYERS = " \ ${OEROOT}/layers/meta-clang \ ${OEROOT}/layers/meta-updater \ ${OEROOT}/layers/meta-security \ + ${OEROOT}/layers/meta-security/meta-tpm \ " diff --git a/conf/bblayers-bsp.inc b/conf/bblayers-bsp.inc index 731a80b..5bd9664 100644 --- a/conf/bblayers-bsp.inc +++ b/conf/bblayers-bsp.inc @@ -18,7 +18,3 @@ BSPLAYERS = " \ ${OEROOT}/layers/meta-xilinx-tools \ ${OEROOT}/layers/meta-lmp/meta-lmp-bsp \ " - -# Remove layer dependencies that are not used/required by LMP -## LMP provides its own kernel recipes -LAYERDEPENDS_meta-arm-bsp_remove = "meta-kernel" diff --git a/conf/bblayers.conf b/conf/bblayers.conf index 7da2ac2..8fb353a 100644 --- a/conf/bblayers.conf +++ b/conf/bblayers.conf @@ -23,6 +23,8 @@ BBLAYERS += " \ ${OEROOT}/layers/meta-pelion-edge \ ${OEROOT}/layers/meta-pelion-edge/meta-lmp-support \ ${OEROOT}/layers/meta-mbed-edge \ + ${OEROOT}/layers/meta-rust \ + ${OEROOT}/layers/meta-parsec \ ${OEROOT}/layers/meta-yocto/meta-poky/ \ ${OEROOT}/layers/meta-arm/meta-arm-autonomy \ " diff --git a/conf/imx_hab4/00.pem b/conf/imx_hab4/00.pem deleted file mode 100644 index 43cc09a..0000000 --- a/conf/imx_hab4/00.pem +++ /dev/null @@ -1,76 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SRK_1_sha256_2048 - Validity - Not Before: Aug 26 21:01:23 2019 GMT - Not After : Aug 23 21:01:23 2029 GMT - Subject: CN=CSF_1_sha256_2048 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:d4:d0:fe:63:b9:05:8e:0a:7b:27:0d:4f:f4:86: - 5d:1a:d5:01:5e:06:bf:26:15:f7:fa:b0:58:56:b4: - df:d4:de:ac:f9:30:85:db:3e:1f:4e:e0:4a:e1:b1: - 0b:ac:fe:44:43:35:91:12:6e:2b:42:9e:b5:85:13: - 89:33:b6:e5:f6:b3:a6:d2:3f:ff:31:0b:fb:ef:6e: - 36:c1:ca:d9:a3:ec:8d:f0:da:89:0c:4e:b4:8d:8e: - e8:55:49:7c:05:35:bf:09:f6:0d:ea:33:82:be:ed: - b2:19:76:e9:7a:c3:5d:2a:48:fb:9a:72:db:08:8b: - 54:35:29:69:54:bf:92:c2:5c:d9:97:42:db:ef:be: - bb:b9:fc:5e:ff:a8:a8:f0:55:42:62:2a:a9:00:78: - b3:ed:8b:72:97:df:77:a9:19:a5:0f:3a:cc:4f:2f: - 3e:02:39:a2:82:33:55:20:23:5e:20:33:db:42:29: - 7e:59:1a:cd:f2:b2:ca:8f:35:ad:9b:5c:72:0a:64: - 9f:c1:bd:6e:c8:51:48:4b:17:29:55:58:30:f1:7b: - f5:53:df:84:6b:79:30:db:31:48:6c:e2:bd:53:5a: - d4:a0:e6:fb:9c:04:aa:01:c2:0f:11:c2:17:f7:28: - bc:ad:d1:66:cf:8b:b4:01:25:78:5b:e9:9e:f7:a7: - 0a:87 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 3B:07:48:AE:CF:6A:F4:1F:05:F0:1E:C8:EB:DC:B9:3B:87:7B:3E:35 - X509v3 Authority Key Identifier: - keyid:FF:C6:9B:F6:A1:2D:29:72:47:1F:55:76:F1:E5:C5:24:86:4E:BB:7A - - Signature Algorithm: sha256WithRSAEncryption - 4e:20:60:16:06:7f:b0:8f:c1:26:b3:b2:2b:c6:b1:d8:18:4c: - 49:c1:0f:f0:47:89:b3:55:2b:7a:3e:12:50:2c:38:ef:bd:cd: - cf:28:14:1b:22:fc:66:9f:5d:93:d3:15:be:52:7c:24:c8:da: - 63:4d:e5:21:c5:38:fa:70:be:41:99:2b:ef:55:d2:73:7e:0f: - 38:70:76:ba:fe:6c:67:3e:f0:25:9f:c2:c5:b6:66:d5:be:65: - 2a:7c:32:b6:94:0c:a8:40:19:bb:07:24:a0:5c:e0:c1:f0:8e: - 80:83:4e:e7:d2:a9:47:11:c0:e3:b8:a6:5b:95:f9:42:1f:56: - 91:28:8d:75:8a:13:d9:de:b9:2b:9a:95:31:a5:a1:75:ad:2c: - bd:b1:f4:cc:15:9a:79:9d:64:96:7c:a8:77:33:a6:d4:4c:c7: - c6:80:48:ce:74:fc:28:ad:a8:a0:e0:70:58:71:8c:17:a4:ce: - d6:7d:e3:90:71:40:7d:0c:3f:2e:9b:d3:bc:a1:01:aa:9a:82: - 32:8b:f5:c7:f2:5a:dc:a4:ad:51:fd:a0:f2:55:8f:c4:46:ed: - c4:ae:ca:e6:e5:57:81:a7:a4:3a:4e:68:af:7c:18:11:ff:a8: - 3c:86:87:6e:b8:ff:c1:03:9b:ad:a5:b6:9b:8a:01:7c:ed:34: - 0f:d1:17:0e ------BEGIN CERTIFICATE----- -MIIDADCCAeigAwIBAgIBADANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDFBFTUktf -MV9zaGEyNTZfMjA0ODAeFw0xOTA4MjYyMTAxMjNaFw0yOTA4MjMyMTAxMjNaMBwx -GjAYBgNVBAMMEUNTRl8xX3NoYTI1Nl8yMDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA1ND+Y7kFjgp7Jw1P9IZdGtUBXga/JhX3+rBYVrTf1N6s+TCF -2z4fTuBK4bELrP5EQzWREm4rQp61hROJM7bl9rOm0j//MQv77242wcrZo+yN8NqJ -DE60jY7oVUl8BTW/CfYN6jOCvu2yGXbpesNdKkj7mnLbCItUNSlpVL+SwlzZl0Lb -7767ufxe/6io8FVCYiqpAHiz7Ytyl993qRmlDzrMTy8+AjmigjNVICNeIDPbQil+ -WRrN8rLKjzWtm1xyCmSfwb1uyFFISxcpVVgw8Xv1U9+Ea3kw2zFIbOK9U1rUoOb7 -nASqAcIPEcIX9yi8rdFmz4u0ASV4W+me96cKhwIDAQABo00wSzAJBgNVHRMEAjAA -MB0GA1UdDgQWBBQ7B0iuz2r0HwXwHsjr3Lk7h3s+NTAfBgNVHSMEGDAWgBT/xpv2 -oS0pckcfVXbx5cUkhk67ejANBgkqhkiG9w0BAQsFAAOCAQEATiBgFgZ/sI/BJrOy -K8ax2BhMScEP8EeJs1Urej4SUCw4773NzygUGyL8Zp9dk9MVvlJ8JMjaY03lIcU4 -+nC+QZkr71XSc34POHB2uv5sZz7wJZ/CxbZm1b5lKnwytpQMqEAZuwckoFzgwfCO -gINO59KpRxHA47imW5X5Qh9WkSiNdYoT2d65K5qVMaWhda0svbH0zBWaeZ1klnyo -dzOm1EzHxoBIznT8KK2ooOBwWHGMF6TO1n3jkHFAfQw/LpvTvKEBqpqCMov1x/Ja -3KStUf2g8lWPxEbtxK7K5uVXgaekOk5or3wYEf+oPIaHbrj/wQObraW2m4oBfO00 -D9EXDg== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/01.pem b/conf/imx_hab4/01.pem deleted file mode 100644 index d3217e6..0000000 --- a/conf/imx_hab4/01.pem +++ /dev/null @@ -1,76 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SRK_1_sha256_2048 - Validity - Not Before: Aug 26 21:01:23 2019 GMT - Not After : Aug 23 21:01:23 2029 GMT - Subject: CN=IMG_1_sha256_2048 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:c2:7d:9d:92:e0:dd:1b:46:e2:e5:43:67:cb:79: - ed:d1:25:18:68:59:68:62:b5:6f:b5:ec:31:1f:df: - 07:35:0c:41:fb:5e:a5:99:ec:87:2a:ed:5b:93:88: - da:47:b2:2d:0c:be:a6:bc:f5:02:ce:da:ab:99:2a: - f2:aa:f8:b4:d5:3b:76:36:b7:18:d9:48:3a:d8:25: - b4:81:cb:1d:7e:b8:3c:cf:cc:51:8b:29:4e:e4:86: - 2f:82:75:48:6f:9a:bc:52:2a:d5:cb:ed:b2:ad:0a: - df:d1:e2:1f:96:8b:70:60:97:38:e5:ba:aa:52:7f: - 65:72:05:2f:fd:db:79:e6:2b:24:4c:66:ca:09:2f: - 3e:12:79:97:3c:81:bf:f9:97:80:2f:7f:0b:ca:1d: - 3a:4f:63:49:d2:6a:6b:0d:47:de:c9:36:12:e7:f6: - 10:fd:99:cd:f1:22:ac:0a:fa:6c:82:29:f7:3b:60: - ac:b4:69:cb:b4:83:62:a0:12:50:15:53:21:7f:d3: - b1:69:aa:a5:a2:97:81:d8:81:4e:af:24:2b:dd:b5: - 56:7a:a0:ec:c9:7c:5c:2b:d2:f9:1f:09:4b:91:52: - 7e:55:65:a8:05:63:b3:b1:39:4a:23:96:2a:69:18: - a4:21:7c:58:43:3d:4e:df:b8:0c:46:fe:ae:92:30: - 3d:9f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - D2:AE:D6:08:C3:77:09:E3:17:12:14:CE:C1:EF:A4:47:C9:4E:E1:40 - X509v3 Authority Key Identifier: - keyid:FF:C6:9B:F6:A1:2D:29:72:47:1F:55:76:F1:E5:C5:24:86:4E:BB:7A - - Signature Algorithm: sha256WithRSAEncryption - 1b:44:27:d1:8b:0e:bf:18:27:c9:55:3a:89:e6:9b:e1:3c:8b: - ca:61:28:e8:60:b1:1a:85:48:91:42:14:c4:6f:32:67:0b:db: - 3e:4d:ff:32:33:7a:ac:d7:77:96:28:1f:c5:60:9b:6a:dc:09: - cb:d9:65:89:23:c9:7d:1c:c9:99:a7:46:bc:9e:0c:d1:96:98: - a8:0b:91:30:94:16:11:34:48:78:94:b2:f7:c2:48:86:cb:75: - ff:1a:9b:0c:c8:13:f7:cf:6d:f7:79:8a:43:73:bf:5d:8b:66: - 6e:7e:0f:19:69:53:42:4e:a1:d9:57:63:47:21:e9:a6:e0:f9: - 14:b1:c5:89:e0:50:30:d1:2c:06:07:c4:ef:5f:3c:5e:24:f5: - 16:15:e9:8b:d7:00:9e:3b:56:26:3a:b0:91:cb:ca:76:dc:c1: - e7:aa:ff:a9:eb:92:d6:05:cd:0e:8d:20:b1:9c:cf:45:c0:5b: - 82:18:1c:75:3d:be:bf:3c:68:08:05:4a:3d:41:38:ec:de:9f: - d6:1b:0a:c7:f4:77:04:c2:04:96:b8:21:c3:59:a2:fb:67:45: - 9d:16:62:e7:41:f8:a3:8f:fb:a7:f2:10:b5:b6:00:02:a0:6e: - b6:37:38:50:e0:bc:41:8c:98:9b:df:1a:c7:01:8d:a0:ed:34: - 9c:40:13:0b ------BEGIN CERTIFICATE----- -MIIDADCCAeigAwIBAgIBATANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDFBFTUktf -MV9zaGEyNTZfMjA0ODAeFw0xOTA4MjYyMTAxMjNaFw0yOTA4MjMyMTAxMjNaMBwx -GjAYBgNVBAMMEUlNR18xX3NoYTI1Nl8yMDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAwn2dkuDdG0bi5UNny3nt0SUYaFloYrVvtewxH98HNQxB+16l -meyHKu1bk4jaR7ItDL6mvPUCztqrmSryqvi01Tt2NrcY2Ug62CW0gcsdfrg8z8xR -iylO5IYvgnVIb5q8UirVy+2yrQrf0eIflotwYJc45bqqUn9lcgUv/dt55iskTGbK -CS8+EnmXPIG/+ZeAL38Lyh06T2NJ0mprDUfeyTYS5/YQ/ZnN8SKsCvpsgin3O2Cs -tGnLtINioBJQFVMhf9OxaaqlopeB2IFOryQr3bVWeqDsyXxcK9L5HwlLkVJ+VWWo -BWOzsTlKI5YqaRikIXxYQz1O37gMRv6ukjA9nwIDAQABo00wSzAJBgNVHRMEAjAA -MB0GA1UdDgQWBBTSrtYIw3cJ4xcSFM7B76RHyU7hQDAfBgNVHSMEGDAWgBT/xpv2 -oS0pckcfVXbx5cUkhk67ejANBgkqhkiG9w0BAQsFAAOCAQEAG0Qn0YsOvxgnyVU6 -ieab4TyLymEo6GCxGoVIkUIUxG8yZwvbPk3/MjN6rNd3ligfxWCbatwJy9lliSPJ -fRzJmadGvJ4M0ZaYqAuRMJQWETRIeJSy98JIhst1/xqbDMgT989t93mKQ3O/XYtm -bn4PGWlTQk6h2VdjRyHppuD5FLHFieBQMNEsBgfE7188XiT1FhXpi9cAnjtWJjqw -kcvKdtzB56r/qeuS1gXNDo0gsZzPRcBbghgcdT2+vzxoCAVKPUE47N6f1hsKx/R3 -BMIElrghw1mi+2dFnRZi50H4o4/7p/IQtbYAAqButjc4UOC8QYyYm98axwGNoO00 -nEATCw== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/CSF_1.req b/conf/imx_hab4/CSF_1.req deleted file mode 100644 index e324693..0000000 --- a/conf/imx_hab4/CSF_1.req +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICYTCCAUkCAQAwHDEaMBgGA1UEAwwRQ1NGXzFfc2hhMjU2XzIwNDgwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU0P5juQWOCnsnDU/0hl0a1QFeBr8m -Fff6sFhWtN/U3qz5MIXbPh9O4ErhsQus/kRDNZESbitCnrWFE4kztuX2s6bSP/8x -C/vvbjbBytmj7I3w2okMTrSNjuhVSXwFNb8J9g3qM4K+7bIZdul6w10qSPuactsI -i1Q1KWlUv5LCXNmXQtvvvru5/F7/qKjwVUJiKqkAeLPti3KX33epGaUPOsxPLz4C -OaKCM1UgI14gM9tCKX5ZGs3yssqPNa2bXHIKZJ/BvW7IUUhLFylVWDDxe/VT34Rr -eTDbMUhs4r1TWtSg5vucBKoBwg8Rwhf3KLyt0WbPi7QBJXhb6Z73pwqHAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAQEAsvuS8d3zrUg/j/OU/ugt/TiZCjVAre33fWEQ -4cShG6DfG1sqb60DkKcYifWMLm125NIMEgckV+bXDrgCNQJmxLPq1Y3Y8K7PI28M -J4VarEaOQvn+o/nitdf0sXe+grL+BkbxYXr+a3L5c7f+I8XwmiNFVXD9DMo8Bewz -lBxgpQWE+Q9rT28vBKw4XkK+AmFgaahCYU37/YQpAY8bydLBYGAImsRx/TUYycEW -ojmNgJriMWGq2nM8cVXCcsAs35Ti93exdSobPy4O+eBO3CvVJL8kmLACZzVhaHf3 -WcsbJ8LKjnRc2sBVjGmcA4aOGMgNd+NyzUSHKF2gY2LAjBjomQ== ------END CERTIFICATE REQUEST----- diff --git a/conf/imx_hab4/CSF_1_crt.pem b/conf/imx_hab4/CSF_1_crt.pem deleted file mode 100644 index 43cc09a..0000000 --- a/conf/imx_hab4/CSF_1_crt.pem +++ /dev/null @@ -1,76 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SRK_1_sha256_2048 - Validity - Not Before: Aug 26 21:01:23 2019 GMT - Not After : Aug 23 21:01:23 2029 GMT - Subject: CN=CSF_1_sha256_2048 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:d4:d0:fe:63:b9:05:8e:0a:7b:27:0d:4f:f4:86: - 5d:1a:d5:01:5e:06:bf:26:15:f7:fa:b0:58:56:b4: - df:d4:de:ac:f9:30:85:db:3e:1f:4e:e0:4a:e1:b1: - 0b:ac:fe:44:43:35:91:12:6e:2b:42:9e:b5:85:13: - 89:33:b6:e5:f6:b3:a6:d2:3f:ff:31:0b:fb:ef:6e: - 36:c1:ca:d9:a3:ec:8d:f0:da:89:0c:4e:b4:8d:8e: - e8:55:49:7c:05:35:bf:09:f6:0d:ea:33:82:be:ed: - b2:19:76:e9:7a:c3:5d:2a:48:fb:9a:72:db:08:8b: - 54:35:29:69:54:bf:92:c2:5c:d9:97:42:db:ef:be: - bb:b9:fc:5e:ff:a8:a8:f0:55:42:62:2a:a9:00:78: - b3:ed:8b:72:97:df:77:a9:19:a5:0f:3a:cc:4f:2f: - 3e:02:39:a2:82:33:55:20:23:5e:20:33:db:42:29: - 7e:59:1a:cd:f2:b2:ca:8f:35:ad:9b:5c:72:0a:64: - 9f:c1:bd:6e:c8:51:48:4b:17:29:55:58:30:f1:7b: - f5:53:df:84:6b:79:30:db:31:48:6c:e2:bd:53:5a: - d4:a0:e6:fb:9c:04:aa:01:c2:0f:11:c2:17:f7:28: - bc:ad:d1:66:cf:8b:b4:01:25:78:5b:e9:9e:f7:a7: - 0a:87 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 3B:07:48:AE:CF:6A:F4:1F:05:F0:1E:C8:EB:DC:B9:3B:87:7B:3E:35 - X509v3 Authority Key Identifier: - keyid:FF:C6:9B:F6:A1:2D:29:72:47:1F:55:76:F1:E5:C5:24:86:4E:BB:7A - - Signature Algorithm: sha256WithRSAEncryption - 4e:20:60:16:06:7f:b0:8f:c1:26:b3:b2:2b:c6:b1:d8:18:4c: - 49:c1:0f:f0:47:89:b3:55:2b:7a:3e:12:50:2c:38:ef:bd:cd: - cf:28:14:1b:22:fc:66:9f:5d:93:d3:15:be:52:7c:24:c8:da: - 63:4d:e5:21:c5:38:fa:70:be:41:99:2b:ef:55:d2:73:7e:0f: - 38:70:76:ba:fe:6c:67:3e:f0:25:9f:c2:c5:b6:66:d5:be:65: - 2a:7c:32:b6:94:0c:a8:40:19:bb:07:24:a0:5c:e0:c1:f0:8e: - 80:83:4e:e7:d2:a9:47:11:c0:e3:b8:a6:5b:95:f9:42:1f:56: - 91:28:8d:75:8a:13:d9:de:b9:2b:9a:95:31:a5:a1:75:ad:2c: - bd:b1:f4:cc:15:9a:79:9d:64:96:7c:a8:77:33:a6:d4:4c:c7: - c6:80:48:ce:74:fc:28:ad:a8:a0:e0:70:58:71:8c:17:a4:ce: - d6:7d:e3:90:71:40:7d:0c:3f:2e:9b:d3:bc:a1:01:aa:9a:82: - 32:8b:f5:c7:f2:5a:dc:a4:ad:51:fd:a0:f2:55:8f:c4:46:ed: - c4:ae:ca:e6:e5:57:81:a7:a4:3a:4e:68:af:7c:18:11:ff:a8: - 3c:86:87:6e:b8:ff:c1:03:9b:ad:a5:b6:9b:8a:01:7c:ed:34: - 0f:d1:17:0e ------BEGIN CERTIFICATE----- -MIIDADCCAeigAwIBAgIBADANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDFBFTUktf -MV9zaGEyNTZfMjA0ODAeFw0xOTA4MjYyMTAxMjNaFw0yOTA4MjMyMTAxMjNaMBwx -GjAYBgNVBAMMEUNTRl8xX3NoYTI1Nl8yMDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA1ND+Y7kFjgp7Jw1P9IZdGtUBXga/JhX3+rBYVrTf1N6s+TCF -2z4fTuBK4bELrP5EQzWREm4rQp61hROJM7bl9rOm0j//MQv77242wcrZo+yN8NqJ -DE60jY7oVUl8BTW/CfYN6jOCvu2yGXbpesNdKkj7mnLbCItUNSlpVL+SwlzZl0Lb -7767ufxe/6io8FVCYiqpAHiz7Ytyl993qRmlDzrMTy8+AjmigjNVICNeIDPbQil+ -WRrN8rLKjzWtm1xyCmSfwb1uyFFISxcpVVgw8Xv1U9+Ea3kw2zFIbOK9U1rUoOb7 -nASqAcIPEcIX9yi8rdFmz4u0ASV4W+me96cKhwIDAQABo00wSzAJBgNVHRMEAjAA -MB0GA1UdDgQWBBQ7B0iuz2r0HwXwHsjr3Lk7h3s+NTAfBgNVHSMEGDAWgBT/xpv2 -oS0pckcfVXbx5cUkhk67ejANBgkqhkiG9w0BAQsFAAOCAQEATiBgFgZ/sI/BJrOy -K8ax2BhMScEP8EeJs1Urej4SUCw4773NzygUGyL8Zp9dk9MVvlJ8JMjaY03lIcU4 -+nC+QZkr71XSc34POHB2uv5sZz7wJZ/CxbZm1b5lKnwytpQMqEAZuwckoFzgwfCO -gINO59KpRxHA47imW5X5Qh9WkSiNdYoT2d65K5qVMaWhda0svbH0zBWaeZ1klnyo -dzOm1EzHxoBIznT8KK2ooOBwWHGMF6TO1n3jkHFAfQw/LpvTvKEBqpqCMov1x/Ja -3KStUf2g8lWPxEbtxK7K5uVXgaekOk5or3wYEf+oPIaHbrj/wQObraW2m4oBfO00 -D9EXDg== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/CSF_1_key.pem b/conf/imx_hab4/CSF_1_key.pem deleted file mode 100644 index dd9796a..0000000 --- a/conf/imx_hab4/CSF_1_key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA1ND+Y7kFjgp7Jw1P9IZdGtUBXga/JhX3+rBYVrTf1N6s+TCF -2z4fTuBK4bELrP5EQzWREm4rQp61hROJM7bl9rOm0j//MQv77242wcrZo+yN8NqJ -DE60jY7oVUl8BTW/CfYN6jOCvu2yGXbpesNdKkj7mnLbCItUNSlpVL+SwlzZl0Lb -7767ufxe/6io8FVCYiqpAHiz7Ytyl993qRmlDzrMTy8+AjmigjNVICNeIDPbQil+ -WRrN8rLKjzWtm1xyCmSfwb1uyFFISxcpVVgw8Xv1U9+Ea3kw2zFIbOK9U1rUoOb7 -nASqAcIPEcIX9yi8rdFmz4u0ASV4W+me96cKhwIDAQABAoIBAA63dSAIR24PI30L -2p+aOw4D9Ng/tzA3DLL1RuaYE3JxA50n0dnbbebSc9svlxMbcjUDm0ie/bbZqsvN -EgvVdgmdWsfnTQpjPcTM5lR4ZpyDWz1wn1GOj8XKQB7FuiHSGafisAumDECPx2Uj -Z/npUKP/8AY6MxNgLy6N8o69wLRX/wr9G89hyxCbVojI1crX1pzseVUQexoC/SQc -Chpc7SZQViOntCAf8ogspi17qHuIlu+V62Z6caKenSx3iG1I6Vq8XXKzCXsje4Ps -AkfYJlx0OH92b4DAyHTxgPq7scFF6I5irZqoFivZWNm/fPfhXgubZTj2fcfE3fw2 -7t4ci2ECgYEA+MmLavNGvUmo7/xs6HLkflSuQHHdV7ueYWkgvazknQhAlRZxenRQ -fpaZIjqN0nlbCu7hcqRpBVeEXnQE/tAvVAjYxRiH7pJzxmvUm3ssxJrDBGclYn34 -Rdzf1aK6mXrZ3kUCsrGk7vQ5HVmG5pjRi3jxSEAWl4JzvoAIQ3NYXr0CgYEA2vx6 -up4oUlstS/vQDgI0zqEVBbsEMOXjoAh+NMQAL9ZQgKfN0ZKmyYiu2m4t8y6U4788 -lGHknZ2nFzONf0xX5f2bqQFNNxsmHOgZTphH/n5X9I7K6UKrjc4Ujz7vLGCLQK30 -U+lf6OyS2LDBepySDlr6vAbGTESzqRPdHcYXdJMCgYBdZ2W1gKKVXHtVpoLI/qG0 -oFxPi7BbSPBciBinvaqTHk8I6kUugU7bR/U0OaGXXMKGp0rzPLDFNadXwt1BQa4T -McMYtG4MbuWSoFdRDHyxT51aINOTV9IHgLZ0wcSm7M2xOl2Z80IGCKEM2Njh6Iv7 -fiuwQYd52JtV8UGo+Tw7TQKBgCTD/Or2ALkK+8jlByJC9pC2dKwYoPSAtD27D01W -lt1xMuTWx3RnFb+CRjEADJDmgjLWeZpD8TkRLet0SU5VB/DiKk8um8MjuLtjsFQE -txmgJq41hxWwjtLpBYSjQU6HCvoZ+opYBTU6+tCMpH8saE0msy/8RzCo3C0H27jS -+D8nAoGACzOildXxZbgM1iGgnQfAC6Ai+XeRL7PTTl579QVMqsOXrE21bLji0Agh -+vj+f1/JuyCFfhSh9/mApCiXc26iehkAYu0py4v0XGk7DCli79wYFZBsL+wIsdjD -x7iWXxk0JphH0Qc/dcZwwdrnX3e4e0bCv+aPWCl12yxe+xAW7k0= ------END RSA PRIVATE KEY----- diff --git a/conf/imx_hab4/IMG_1.req b/conf/imx_hab4/IMG_1.req deleted file mode 100644 index 32b58e7..0000000 --- a/conf/imx_hab4/IMG_1.req +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICYTCCAUkCAQAwHDEaMBgGA1UEAwwRSU1HXzFfc2hhMjU2XzIwNDgwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCfZ2S4N0bRuLlQ2fLee3RJRhoWWhi -tW+17DEf3wc1DEH7XqWZ7Icq7VuTiNpHsi0Mvqa89QLO2quZKvKq+LTVO3Y2txjZ -SDrYJbSByx1+uDzPzFGLKU7khi+CdUhvmrxSKtXL7bKtCt/R4h+Wi3BglzjluqpS -f2VyBS/923nmKyRMZsoJLz4SeZc8gb/5l4AvfwvKHTpPY0nSamsNR97JNhLn9hD9 -mc3xIqwK+myCKfc7YKy0acu0g2KgElAVUyF/07FpqqWil4HYgU6vJCvdtVZ6oOzJ -fFwr0vkfCUuRUn5VZagFY7OxOUojlippGKQhfFhDPU7fuAxG/q6SMD2fAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAQEAiGwG1Xb8iFCVYKmPF0an/Lf/LXZIAvgpEI0E -R4rZzwQq+xbgCumV3oeRQGKYRTM8bCqQM+rM5iw0YHSk1alF6I9qNmjHOuY1nGTd -itQiKUX90kQODOLVJj2iGoEWJv9h3By+g7XUHlXZejHxytNcwehiYswQd36MoaQV -gHOU5lgb+Zm+LURVCqbkOEmHF7lsydcdwZpVppiCbnIhaAyFfFBX76+Eta72nY4D -ND8Gtb3Ci6lcbU/REZa9wVk0Oyz5v+uhTJon/fAmFhetYxtZNJFa1pm2SmtKgEBT -qHE6UeQhvuvPJ82lfcKoXz5T23W8g1zlgVpAAgSe1x5QGqkYjg== ------END CERTIFICATE REQUEST----- diff --git a/conf/imx_hab4/IMG_1_crt.pem b/conf/imx_hab4/IMG_1_crt.pem deleted file mode 100644 index d3217e6..0000000 --- a/conf/imx_hab4/IMG_1_crt.pem +++ /dev/null @@ -1,76 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SRK_1_sha256_2048 - Validity - Not Before: Aug 26 21:01:23 2019 GMT - Not After : Aug 23 21:01:23 2029 GMT - Subject: CN=IMG_1_sha256_2048 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:c2:7d:9d:92:e0:dd:1b:46:e2:e5:43:67:cb:79: - ed:d1:25:18:68:59:68:62:b5:6f:b5:ec:31:1f:df: - 07:35:0c:41:fb:5e:a5:99:ec:87:2a:ed:5b:93:88: - da:47:b2:2d:0c:be:a6:bc:f5:02:ce:da:ab:99:2a: - f2:aa:f8:b4:d5:3b:76:36:b7:18:d9:48:3a:d8:25: - b4:81:cb:1d:7e:b8:3c:cf:cc:51:8b:29:4e:e4:86: - 2f:82:75:48:6f:9a:bc:52:2a:d5:cb:ed:b2:ad:0a: - df:d1:e2:1f:96:8b:70:60:97:38:e5:ba:aa:52:7f: - 65:72:05:2f:fd:db:79:e6:2b:24:4c:66:ca:09:2f: - 3e:12:79:97:3c:81:bf:f9:97:80:2f:7f:0b:ca:1d: - 3a:4f:63:49:d2:6a:6b:0d:47:de:c9:36:12:e7:f6: - 10:fd:99:cd:f1:22:ac:0a:fa:6c:82:29:f7:3b:60: - ac:b4:69:cb:b4:83:62:a0:12:50:15:53:21:7f:d3: - b1:69:aa:a5:a2:97:81:d8:81:4e:af:24:2b:dd:b5: - 56:7a:a0:ec:c9:7c:5c:2b:d2:f9:1f:09:4b:91:52: - 7e:55:65:a8:05:63:b3:b1:39:4a:23:96:2a:69:18: - a4:21:7c:58:43:3d:4e:df:b8:0c:46:fe:ae:92:30: - 3d:9f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - D2:AE:D6:08:C3:77:09:E3:17:12:14:CE:C1:EF:A4:47:C9:4E:E1:40 - X509v3 Authority Key Identifier: - keyid:FF:C6:9B:F6:A1:2D:29:72:47:1F:55:76:F1:E5:C5:24:86:4E:BB:7A - - Signature Algorithm: sha256WithRSAEncryption - 1b:44:27:d1:8b:0e:bf:18:27:c9:55:3a:89:e6:9b:e1:3c:8b: - ca:61:28:e8:60:b1:1a:85:48:91:42:14:c4:6f:32:67:0b:db: - 3e:4d:ff:32:33:7a:ac:d7:77:96:28:1f:c5:60:9b:6a:dc:09: - cb:d9:65:89:23:c9:7d:1c:c9:99:a7:46:bc:9e:0c:d1:96:98: - a8:0b:91:30:94:16:11:34:48:78:94:b2:f7:c2:48:86:cb:75: - ff:1a:9b:0c:c8:13:f7:cf:6d:f7:79:8a:43:73:bf:5d:8b:66: - 6e:7e:0f:19:69:53:42:4e:a1:d9:57:63:47:21:e9:a6:e0:f9: - 14:b1:c5:89:e0:50:30:d1:2c:06:07:c4:ef:5f:3c:5e:24:f5: - 16:15:e9:8b:d7:00:9e:3b:56:26:3a:b0:91:cb:ca:76:dc:c1: - e7:aa:ff:a9:eb:92:d6:05:cd:0e:8d:20:b1:9c:cf:45:c0:5b: - 82:18:1c:75:3d:be:bf:3c:68:08:05:4a:3d:41:38:ec:de:9f: - d6:1b:0a:c7:f4:77:04:c2:04:96:b8:21:c3:59:a2:fb:67:45: - 9d:16:62:e7:41:f8:a3:8f:fb:a7:f2:10:b5:b6:00:02:a0:6e: - b6:37:38:50:e0:bc:41:8c:98:9b:df:1a:c7:01:8d:a0:ed:34: - 9c:40:13:0b ------BEGIN CERTIFICATE----- -MIIDADCCAeigAwIBAgIBATANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDFBFTUktf -MV9zaGEyNTZfMjA0ODAeFw0xOTA4MjYyMTAxMjNaFw0yOTA4MjMyMTAxMjNaMBwx -GjAYBgNVBAMMEUlNR18xX3NoYTI1Nl8yMDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAwn2dkuDdG0bi5UNny3nt0SUYaFloYrVvtewxH98HNQxB+16l -meyHKu1bk4jaR7ItDL6mvPUCztqrmSryqvi01Tt2NrcY2Ug62CW0gcsdfrg8z8xR -iylO5IYvgnVIb5q8UirVy+2yrQrf0eIflotwYJc45bqqUn9lcgUv/dt55iskTGbK -CS8+EnmXPIG/+ZeAL38Lyh06T2NJ0mprDUfeyTYS5/YQ/ZnN8SKsCvpsgin3O2Cs -tGnLtINioBJQFVMhf9OxaaqlopeB2IFOryQr3bVWeqDsyXxcK9L5HwlLkVJ+VWWo -BWOzsTlKI5YqaRikIXxYQz1O37gMRv6ukjA9nwIDAQABo00wSzAJBgNVHRMEAjAA -MB0GA1UdDgQWBBTSrtYIw3cJ4xcSFM7B76RHyU7hQDAfBgNVHSMEGDAWgBT/xpv2 -oS0pckcfVXbx5cUkhk67ejANBgkqhkiG9w0BAQsFAAOCAQEAG0Qn0YsOvxgnyVU6 -ieab4TyLymEo6GCxGoVIkUIUxG8yZwvbPk3/MjN6rNd3ligfxWCbatwJy9lliSPJ -fRzJmadGvJ4M0ZaYqAuRMJQWETRIeJSy98JIhst1/xqbDMgT989t93mKQ3O/XYtm -bn4PGWlTQk6h2VdjRyHppuD5FLHFieBQMNEsBgfE7188XiT1FhXpi9cAnjtWJjqw -kcvKdtzB56r/qeuS1gXNDo0gsZzPRcBbghgcdT2+vzxoCAVKPUE47N6f1hsKx/R3 -BMIElrghw1mi+2dFnRZi50H4o4/7p/IQtbYAAqButjc4UOC8QYyYm98axwGNoO00 -nEATCw== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/IMG_1_key.pem b/conf/imx_hab4/IMG_1_key.pem deleted file mode 100644 index 157dc9a..0000000 --- a/conf/imx_hab4/IMG_1_key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAwn2dkuDdG0bi5UNny3nt0SUYaFloYrVvtewxH98HNQxB+16l -meyHKu1bk4jaR7ItDL6mvPUCztqrmSryqvi01Tt2NrcY2Ug62CW0gcsdfrg8z8xR -iylO5IYvgnVIb5q8UirVy+2yrQrf0eIflotwYJc45bqqUn9lcgUv/dt55iskTGbK -CS8+EnmXPIG/+ZeAL38Lyh06T2NJ0mprDUfeyTYS5/YQ/ZnN8SKsCvpsgin3O2Cs -tGnLtINioBJQFVMhf9OxaaqlopeB2IFOryQr3bVWeqDsyXxcK9L5HwlLkVJ+VWWo -BWOzsTlKI5YqaRikIXxYQz1O37gMRv6ukjA9nwIDAQABAoIBAQC2vSI15DO7slH0 -Ce5XX9vUe99ABGmw/TrWGvNZN8vkyvyf+6DrTDMAYX5+08IMRVxQsj2mIyudQhaj -VpgljoMSKsl6xXSCi3xGpL7CiR7QdrkkoZwofgqTa4TuNdZ2jlPNfFPfRRpxvlro -MGdvotpW1x9tsoLf+rVNeZRLGFGjsVeoZcdc/Buahx98Sdl1OVhgt66C+5uE1NtA -IMibGyNvNsbuKkiwNrOVX5nGCKuF+A0UsTc8hi0X24EX6lwQMTQYTN9Fo/uG4iVG -7um0gVkcFDxnRTFv6MtFKkcZNTfIuhYjAErBxt1OzmizzkMeAzodZCSwHSZJ66Ai -ouaMW8fZAoGBAOnEEz5JC/avBUjdUze0GhN4edyc70ALIm0qT7QXQnE0Ldq/Gzrz -FKSc4hiy2fuklXIezrOW8hK8771UxSCfJuTTUpeTNDbWKuKY9cdSbat8Ngj8lTle -EeK+itUTHgbMJf3t+MgfA+WKgMtkPOXGjXUT0v5KtEuTK1ppbdYr9zJdAoGBANT9 -PBQRgjGlllBHQSq0bC1ikiCcQJRyLKX5d/dY2hW/VB2/dbQxk8iqSN50CrMU932h -HXZdtt/+EF83H6/bObwhE+zhtiPajGAmrcmGf6ihiD9WpuKdKqDheG6ZYJUDKUFV -//bcZNbrqoHsPYwCCrP96pjomb+3UfipJBD2uWgrAoGBAOIvqj72BvFlX8OlA0Q+ -q4xzYdYoswZQv7rI2d3zM4K9bjDeAMcFNNAiTFKBm5F1KnUFghMa1pdy4LVdNG/g -Do4SOzQWZss4Zr5iKk32X88xnEcNvoWHk97FZyfMG52QIqKUg8d+2xJa9UvXbWUW -vQCvcdRDDDij6arNoE0+tSyxAoGARqf/fzTTuP6Sn+0TbERQQroZeeH79oLt1t2s -c4yxRFelYvz54h40RXRgGhPq3L/O3olNSdAK88HH0p5pz5/tRkC+6G10S+6bdOY/ -7sPEo796gHCRiknTM2240w/kn2peDEOoV0+D0Fx7wwAI5uJihJVudu1q29PHyLLr -uQjwNuMCgYA6x5BVVI+nCUu2RCfCZ3Oh6BLHRqx9xhBFJDp20j2bz2ZBhCgvkNom -mzb6XVpeA9xyz4l1UVAI2lWEFxM4UmG7eY8aQNAn6nVWbjZ9A3a3fyCeUsvLDYcI -RfFPWVzapeGH7IGR1JK8s3aU/bRDbs+kp/pQfJEnoFZ65RvlfoMhxw== ------END RSA PRIVATE KEY----- diff --git a/conf/imx_hab4/README.txt b/conf/imx_hab4/README.txt deleted file mode 100644 index 66ea502..0000000 --- a/conf/imx_hab4/README.txt +++ /dev/null @@ -1,228 +0,0 @@ -=========== -Documents: -=========== - -Feature Guide - read - -Fuse Table: - You will neeed the reference security manual for your SoC (it - should contain the fuse table) - - In the case of the IMX7ULP, the fuses are - SRK: bank 5 word [0 - 7] - SEC_CONFIG[1]: bank 29 word 6 [only bit 31] - -Software: - Download: NXP CST 3.1 to /tmp/cst_3.1 - Clone lmp-manifest - git clone https://github.com/foundriesio/lmp-manifest.git - -=========================== -Build, Sign and install SPL -=========================== -1. Create a directory where SPL will be signed -$ mkdir /tmp/spl,sign - -2. Copy the already generated tables (SRK and fuse) to the working directory -$ cp lmp-manifest/conf/imx_hab4/* /tmp/spl,sign/ - -3. Copy the code signing tool for your server architecture -$ cp /tmp/cst_3.1/linux64/bin/cst /tmp/spl,sign/ - -4. Use U-boot to fuse the SRK values on your board -Build U-boot: CONFIG_CMD_FUSE -Double check that the fuse table is correct - -$ cd /tmp/spl,sign -$ hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin -0xEA2F0B50 -0x871167F7 -0xF5CECF5D -0x364727C3 -0x8DD52832 -0xF158F65F -0xA71BBE78 -0xA3AD024A - -From the U-boot console: -(not that on the imx7ulp SoC the fuse bank for the SRK is bank 5) -=> fuse prog 5 0 0xEA2F0B50 -=> fuse prog 5 1 0x871167F7 -=> fuse prog 5 2 0xF5CECF5D -=> fuse prog 5 3 0x364727C3 -=> fuse prog 5 4 0x8DD52832 -=> fuse prog 5 5 0xF158F65F -=> fuse prog 5 6 0xA71BBE78 -=> fuse prog 5 7 0xA3AD024A - -5. Build SPL with HAB support -Build U-Boot: CONFIG_IMX_HAB - -When SPL is built: -$ cat SPL.log | grep HAB -HAB Blocks: 0x2f010400 0x00000000 0x00016c00 - -6. Then sign the SPL image -$ cp SPL /tmp/spl,sign -$ cd /tmp/spl,sign - -Replace the commented out Blocks line at the bottom with the HAB blocks -information from the previous step -$ vi spl,sign/u-boot-spl-sign.csf-template - -Use the Code Signing Tool binary to generate the signature -$ ./cst -o csf-spl.bin -i u-boot-spl-sign.csf-template - -Now append the signature to the SPL image -$ cat SPL csf-spl.bin > SPL.signed - -7. Install this SPL.signed image via SDP (uuu bootloader.uuu) - -8. Boot the image and check the HAB events for errors (no events is a pass!) -=> hab_status -Secure boot disabled -HAB Configuration: 0xf0, HAB State: 0x66 -No HAB Events Found! - -9. Close the device by burning SEC_CONFIG fuse -On imx7ulp SEC_CONFIG[1] is at bank 29, word 6. -Secure boot is enabled by setting bit 31 - -=> fuse prog 29 6 0x80000000 - -10. Reboot your board and check the HAB status - -=> hab_status -Secure boot enabled -HAB Configuration: 0xcc, HAB State: 0x99 -No HAB Events Found! - -Upgrades via SDP after the device was closed -============================================ -Once the device has been closed, only signed images will be able to -run on the processor. - -Support for upgrade via the Serial Download Protocol using the MFG tools -continues to be possible but with certain caveats. SDP requires that -the CSF is modified to check the DCD table; it also needs that the DCD -address in the signed image is cleared from the IVT header (since the -SDP protocol clears the DCD table address). - -To handle both requirements, we will need to sign the SPL-mfg -differently than previously described. - -Notice that in all cases HAB (high assurance boot) needs to be enabled -in the config. U-Boot on the MFG and the final target platform doesn't -need to be built any differently since it is not signed for HAB. - -=============== -Signing SPL MFG -=============== -Use the following scripts to handle the DCD as previously described. -Once SPLMfg has been built, check the DCD address by - -/tools/mkimage -l SPL - -Image Type: Freescale IMX Boot Image -Image Ver: 2 (i.MX53/6/7 compatible) -Mode: DCD -Data Size: 147552 Bytes = 144.09 KiB = 0.14 MiB -Load Address: 2f010420 -Entry Point: 2f011000 -HAB Blocks: 0x2f010400 0x00000000 0x00021c00 -DCD Blocks: 0x00910000 0x0000002c 0x00000258 - -Notice that the DCD address is hardcoded to a wrong address on some -u-boot versions; we sent a fix to the mainters to correct it since on -the imx7ulp this address should be 0x2f010000. - -This information will be used to generate the Command Sequence File -(CSF) used to sign the image. - -The Command Sequence File will need access to the SRK table amd PEM files. -You can get them as before from the lmp-manifest repo. - -SPLMfg.csf ----------- -[Header] -Version = 4.1 -Security Configuration = Open -Hash Algorithm = sha256 -Engine Configuration = 0 -Certificate Format = X509 -Signature Format = CMS -Engine = CAAM - -[Install SRK] -File = "./SRK_1_2_3_4_table.bin" -Source index = 0 - -[Install CSFK] -File = "./CSF_1_crt.pem" - -[Authenticate CSF] - -[Install Key] -# Key slot index used to authenticate the key to be installed -Verification index = 0 - -# Key to install -Target index = 2 -File = "./IMG_1_crt.pem" - -[Authenticate Data] -Verification index = 2 -Blocks = 0x2f010000 0x02c 0x00258 "./SPLmfg.bin" - -[Authenticate Data] -Verification index = 2 -Blocks = 0x2f010400 0x000 0x21c00 "./SPLmfg.bin" - -To sign the SPLMfg image just copy the SPL image from U-boot, rename it to -SPLMfg.bin and execute the sign.spl.mfg.sh script - -============================== -Boot a Signed SPLmfg using SDP -============================== -Make sure to use a version of the UUU tool that includes support for -the -dcdaddr and -cleardcd flags; these should be present in the next -mfgtools release following 1.3.102. - -To boot the signed image via SDP: -SDP: boot -f SPL-aeler-imx7ulpea-ucom -dcdaddr 0x2f010000 -cleardcd - -It could be the case that UUU times out during this operation; this could be -due to some watchdogs having been activated for the platform once the device -was closed. If you experience this issue, you will need to rebuild UUU -applying the following patch to increase the polling frequency. - -diff --git a/libuuu/usbhotplug.cpp b/libuuu/usbhotplug.cpp -index d8f958c..4b524bb 100644 ---- a/libuuu/usbhotplug.cpp -+++ b/libuuu/usbhotplug.cpp -@@ -153,7 +153,7 @@ static int usb_add(libusb_device *dev) - return -1; - - ConfigItem *item = get_config()->find(desc.idVendor, desc.idProduct, desc.bcdDevice); -- std::this_thread::sleep_for(std::chrono::milliseconds(200)); -+ std::this_thread::sleep_for(std::chrono::milliseconds(1)); - - if (item) - { -@@ -245,7 +245,7 @@ int polling_usb(std::atomic& bexit) - - oldlist = newlist; - -- std::this_thread::sleep_for(std::chrono::milliseconds(200)); -+ std::this_thread::sleep_for(std::chrono::milliseconds(1)); - - if (g_wait_usb_timeout >= 0 && !g_known_device_appeared) - { - -We submited a proposal [1] to be able to configure the usb polling -frequency dynamically; if it is present in your UUU release, then -use it as -$ uuu -pp 1 bootloader.uuu - -[1] https://github.com/NXPmicro/mfgtools/pull/147 diff --git a/conf/imx_hab4/SRK_1_2_3_4_fuse.bin b/conf/imx_hab4/SRK_1_2_3_4_fuse.bin deleted file mode 100644 index b049f32..0000000 --- a/conf/imx_hab4/SRK_1_2_3_4_fuse.bin +++ /dev/null @@ -1 +0,0 @@ -P /g]'G62(Ս_XxJ \ No newline at end of file diff --git a/conf/imx_hab4/SRK_1_2_3_4_table.bin b/conf/imx_hab4/SRK_1_2_3_4_table.bin deleted file mode 100644 index 755b7d7..0000000 Binary files a/conf/imx_hab4/SRK_1_2_3_4_table.bin and /dev/null differ diff --git a/conf/imx_hab4/SRK_1_crt.pem b/conf/imx_hab4/SRK_1_crt.pem deleted file mode 100644 index ce67b7f..0000000 --- a/conf/imx_hab4/SRK_1_crt.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDYDCCAkigAwIBAgIUfiHx9hJa6oFx/41QxFf8I0elwZYwDQYJKoZIhvcNAQEL -BQAwHDEaMBgGA1UEAxQRU1JLXzFfc2hhMjU2XzIwNDgwHhcNMTkwODI2MjEwMTIy -WhcNMjkwODIzMjEwMTIyWjAcMRowGAYDVQQDFBFTUktfMV9zaGEyNTZfMjA0ODCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANk+2C3++tfaPVaU+gAz6U1T -QAgxyyk3OSsrdhCQorDUAxXjVUxb2BFo5lUfvWIW8QUxayncl0bRf2UwcwWHwYhh -MTyaLJLDK66WKJlbuIgfqLXCAVY+qjtNPymSwI0Czr+bSrnAoOfq0cJCfFfB+yZz -YQJ64OvzmPgfJZpOvDhNHITuX78SFdGHEtV7JVCJ6b5pZLz+sTWoveHftITroeV4 -YSkAcfu4ql/1UzwCb0S+GKPqpRmFsw6jdm0SiQLSiBx/Ok8a1NGeOOaZnVL0KIok -oJFVOqIq3fFWQym18siBtM6ryVLaAMijyiQKUUvDqOMZg0gG6ja2sVtYAVlZVi8C -AwEAAaOBmTCBljAdBgNVHQ4EFgQU/8ab9qEtKXJHH1V28eXFJIZOu3owVwYDVR0j -BFAwToAU/8ab9qEtKXJHH1V28eXFJIZOu3qhIKQeMBwxGjAYBgNVBAMUEVNSS18x -X3NoYTI1Nl8yMDQ4ghR+IfH2ElrqgXH/jVDEV/wjR6XBljAPBgNVHRMBAf8EBTAD -AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAPqDs4zql3o/TIvu4 -qBCImS0reO2PdRp2TERz1ZonDyg/CpcVwlAnU4nPpLGQJvrDSc6NLJ3pQIPQTVgL -MPsGVv5wbCRxivHEWXIgepsNBFMXo6uhXCybEVr3lVg/DP2PKjyl+WdA88WxM8p4 -KA27Pc+VwfmICaUaiNxesxvV4knruefqvriTEmAP06t5paKlOsWMt5oVcnZcKAoY -g7GdpEAPaaY+4+ghCQLUxus4HK0LMjtHST+7BhbDGeK6GxEuRRUCVGsYvubh0+47 -M2xE1tjtMmteF+oTeqtcxjAK1raPscIF6OHlyxWdmNfn3ow2gsTCqeg1KDJdyDon -+AD7Kw== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/SRK_1_key.pem b/conf/imx_hab4/SRK_1_key.pem deleted file mode 100644 index 32c3dfd..0000000 --- a/conf/imx_hab4/SRK_1_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZPtgt/vrX2j1W -lPoAM+lNU0AIMcspNzkrK3YQkKKw1AMV41VMW9gRaOZVH71iFvEFMWsp3JdG0X9l -MHMFh8GIYTE8miySwyuuliiZW7iIH6i1wgFWPqo7TT8pksCNAs6/m0q5wKDn6tHC -QnxXwfsmc2ECeuDr85j4HyWaTrw4TRyE7l+/EhXRhxLVeyVQiem+aWS8/rE1qL3h -37SE66HleGEpAHH7uKpf9VM8Am9Evhij6qUZhbMOo3ZtEokC0ogcfzpPGtTRnjjm -mZ1S9CiKJKCRVTqiKt3xVkMptfLIgbTOq8lS2gDIo8okClFLw6jjGYNIBuo2trFb -WAFZWVYvAgMBAAECggEACbS1E9kAfARUGTousTOgiMPfaH5RBVZiR3t5muPbYOsX -+DJf7TltPdnh8Iuqemdr/T9n+kbQu2lAt9SiTuzxyJYPDRYWR7hQi0xKJA/k/q/r -abNxO9kw4dVhrQnRcHtfoU/e1s20YqgrFvLBe2o/PkiJXQMAaYpIm01I8MvzvNAg -E3N/V/ZycJzsrJ/a5xiwD33LQnLWlcSoUdIWv8UheWtmql2/NxjoD1VnVF2TqVkU -zmpR5Zhd/RNaHl/m2MJHPPrkUbVmVTdub/xgV3cfGKOkJzMI1dUN/QzwxVe0HED1 -eO/AAUK1JCZcJPnlnqdXDRZk0DLW2T2c7jU3JaLeAQKBgQDs0O7VSHETw2uNDb4T -UXxXyeq+YR1IYqHTGIMd1xQ+mt5O+Cv7OnG/+TeV1LfLeUOzoRkdibwGq9MldTZq -2W0a3T+6+TKzvhNwfDaiJH1emIr3ggDltDRHhhjN6L44Pq9atqTcdrrnnrizh1Qc -PveaZomGi2uGLubIoU1cZfFanwKBgQDq2A6vO15ZkakMo6ugE7kCjSnGgzdaFTEN -MV6jG1D75idabf7+BoMkb1s72ZKuYXIpmfoSD5b/2DRomUHIEjdDWD38IrJEhQyP -z4+3srUqfUBpKUe9EoTxKe9PSJ7FYjWF/mPeyEyz18aw5lNbeMdccDIYI3UBDQSH -KypZ3CXqcQKBgEmaUnDFuCdtWHMZr1bvv5bFcglDw8coqKUkfDP9EhS3K5sdtQW7 -T3lcKvONjqZWBT3CNz0f/umP4+tDd+tTsn5j/5fMNf75d69BW/WfI7wP6zksFb1O -+eS0/+aXjO+MRBIMrEa9PDAa+8sIp5Kz218IuXuwv3WQBDidMZ8jLBV/AoGBAI6A -/KgohmAjm0koKATC8wkxT6A+D2CCa3lt89dVxBaW2lptVMYgfYOmbt4qcG+Qgg3s -eWpsO1yUfXjbRqd5Jj+fVD2jcDlT4wOBF9yIfJaD2on1mqqIilMs9yJNFsr/hSsB -6uhM8v5OeSrvGLXw3EijbEJpgZ5Zn93Fu7U7eWaBAoGBANWv9TNFtLxlD8hE4odo -shw6JtyBcttszF8tLo+n6Pvf1SKGIuVWpfZ1MWnGrnhsPw8jomLUo0zcWdrVGQ1L -ZrtA8rVswvSHoPGyDx+ANgy/NTux+GJbt8xld7iio8YV2UnwiECj4hQhgPMxj2tS -XjBQ+fCNhVudAk5CxRP7rXy1 ------END PRIVATE KEY----- diff --git a/conf/imx_hab4/SRK_2_crt.pem b/conf/imx_hab4/SRK_2_crt.pem deleted file mode 100644 index b830e64..0000000 --- a/conf/imx_hab4/SRK_2_crt.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDYDCCAkigAwIBAgIUMYsr08d3Kr99L0eEWDn4Os+HSnIwDQYJKoZIhvcNAQEL -BQAwHDEaMBgGA1UEAxQRU1JLXzJfc2hhMjU2XzIwNDgwHhcNMTkwODI2MjEwMTIy -WhcNMjkwODIzMjEwMTIyWjAcMRowGAYDVQQDFBFTUktfMl9zaGEyNTZfMjA0ODCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrnGUkguzO14yb2XYel8XNJ -dgk8gyRObdiE1Frxtus8fN0Wqu80jvcufh3040q3/EFplaZEv5wNfQ9xWraYwBI5 -H/bgkG4NtNCtzfJw9a3KoustBa+WVoNjtdWEYA4xwAinzKTorzbXCZkhb/p8xuA6 -90vGLJx/BEEG4SDvCYuM3whWSl26vFwz0IPpVQJcmIx/l6a1Ld4Vajih3wK7FYfs -nq9HpMBUdL0Wc22AThrLN2z7tky1vylj0SuNVTS1hlwvSKiPJi0iS5ob/Z976PdK -GVb5FJELCDEh5Nn61j6JkrdQLrMwJz0KjpNEnSUB2j3KcnLPJVbfmqRDzgTkgmkC -AwEAAaOBmTCBljAdBgNVHQ4EFgQULj8xzBDGt8tq2oYiR7lQfQ5SwdkwVwYDVR0j -BFAwToAULj8xzBDGt8tq2oYiR7lQfQ5SwdmhIKQeMBwxGjAYBgNVBAMUEVNSS18y -X3NoYTI1Nl8yMDQ4ghQxiyvTx3cqv30vR4RYOfg6z4dKcjAPBgNVHRMBAf8EBTAD -AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAH5b1lGjRNVfmBIR4 -075kLblIgANnVG3W6nGacUg6Pw47i6DO/tikk/1QZj1gAy+qdtwPVd1QQLZwSAFW -6lh/pfcKfPh2ezF3/ZQ7LzSgYQj8KmiyLQ2v93tg6vb8AjlKlXE9iheXswK5ZMrt -mKHQ6izM2TvCNEDgp5z4KnfBoGu6Mvn9Gol2Io714jGrmWmkSzbLav/3V0D7d0BT -ZBQL59SE0eAiHWh1jT4kAQ1jCRZ6jiX8Bd/RrHunbrlej1uh6BGQmEaWV+rcWkIu -6mo7IyF5RtHJASex8FSBnHFozBRGMSpi7iEVz809obp/HjZhLE40Us40X0JSFxWo -tYczsQ== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/SRK_2_key.pem b/conf/imx_hab4/SRK_2_key.pem deleted file mode 100644 index 976fe85..0000000 --- a/conf/imx_hab4/SRK_2_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCq5xlJILszteMm -9l2HpfFzSXYJPIMkTm3YhNRa8bbrPHzdFqrvNI73Ln4d9ONKt/xBaZWmRL+cDX0P -cVq2mMASOR/24JBuDbTQrc3ycPWtyqLrLQWvllaDY7XVhGAOMcAIp8yk6K821wmZ -IW/6fMbgOvdLxiycfwRBBuEg7wmLjN8IVkpdurxcM9CD6VUCXJiMf5emtS3eFWo4 -od8CuxWH7J6vR6TAVHS9FnNtgE4ayzds+7ZMtb8pY9ErjVU0tYZcL0iojyYtIkua -G/2fe+j3ShlW+RSRCwgxIeTZ+tY+iZK3UC6zMCc9Co6TRJ0lAdo9ynJyzyVW35qk -Q84E5IJpAgMBAAECggEBAIseppm92EYG6UtdP9PdhMhpY3mvVb3nTkn0Dv2dSF8D -lU1QV4NzkHGs2iM+pwu669C/x39a9XNuE4DPsJ11iN0MvXV1Zn0AEVHSOhUCWSvJ -CYhR1RATXIeGUo3mPV8wpnclSVRwybjlob2S15nbmvULayW2w7f9OZRJqlfp3iZH -CDplUiyiOuDQ6DRA69NVfW4kRAWQcNHFFHSEq+6MOqInVOKy/MR3WCXOgXBSSRFQ -o5pvDlOujHdhQOnJvT/eUj7MHfpZpb6MgwrzEvzsWrXRnrbfA9TMN1vuYX1vKLtv -Qt2dIgllaiV16c8Zh+9qWl/HBfKGhW9tvlIsQNHk5yUCgYEA33ZUzSGZB//uKYvg -dvGfv0lW8HqLannkJoaK77La+P7qTzeA3Eap3QFFvlTarARzNoEMcWO8YMRpgNrn -ZdJQYtHo0WRnXEBREXHBrr8TXskqluiVDo061bn3h5OOKHMZ1LoyVDflwEqge3JO -gC5P9C0AbPkfUse6NUL0JHCvHMcCgYEAw8mV00YZ54Sa8nMvYDE8rfFDQXA71TjQ -TFl1ghD12SRW7bc0cqZ5nsIQj6JvX6XdwBPyadToMGZ57ktFSB3x+1FaRooCozur -2ljFHY1JGKsur1RK4CGELVcC6cJvqa3vTnIzxTFI2/OZbQj7L2GCmZlzeunVGR9n -vhZXDWJVV08CgYAuU+cC3CtQ2EN1A5XWswNOchL/KjjLK1gckJovVaJGKvtCzxv9 -Dv1aX1ApRIhNT2LfcuO0glvkp/PDjh6ZIoAd7Kza9HjlTERCXJYt91k5tnUI8lEs -wiTneHWT+whm5G3/h1a11Rzhv9cDoNAbjP5wff/vl7phvByjvCzHfUEgswKBgFgX -KDlCDj+z0z+JAeTm4mVk6xzTUahzAo2Hpq5Z0TPc/NvCFXAMZSZALNFjhXbkmyxk -DSr+52V3hh7ocQisqIaqKNMaH2uwWndIf4/3VM8rnjq202WazuzTfHUOzczrfIOw -MIjlzuFf7kU3yESeO/O+Lk48TWwbTEMjrBFSkBFTAoGBANPS7L399Xh7yio2mOkA -Y4O+WpugX78357I7GPLbFWJgFASO3BfirkUsKC7SRV9Lqc8Jfmie/ESph7EurwJS -dxVUSm7cvIWI7GxasaINOPqXUVbk+pv4BfDqt1LdVA3WPpVGSAEB/gmGzP/7cylU -hyJHksT2NwbOxDscffTVlsOJ ------END PRIVATE KEY----- diff --git a/conf/imx_hab4/SRK_3_crt.pem b/conf/imx_hab4/SRK_3_crt.pem deleted file mode 100644 index dc4dd9f..0000000 --- a/conf/imx_hab4/SRK_3_crt.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDYDCCAkigAwIBAgIUNmNl3GgTsV9vndkUtcNwuOTi57wwDQYJKoZIhvcNAQEL -BQAwHDEaMBgGA1UEAxQRU1JLXzNfc2hhMjU2XzIwNDgwHhcNMTkwODI2MjEwMTIy -WhcNMjkwODIzMjEwMTIyWjAcMRowGAYDVQQDFBFTUktfM19zaGEyNTZfMjA0ODCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKJj2qqtExdMa6SLIUUXRmzX -uOZeLDxOcPWtPedB73fc/05FX8cpZ2JpWmCstr1LmTI70UORdXFZQi4yTHAqUvEd -tI+Gw3BQzjkF45BTjpOpdLFbrMk5NH7CbBt+j/a/00fRNormwBl9UR+zQNvVtU5j -cDiaKW+ZsG+MdjvvwSOIOWTptfvIsFWPb9cmPzNkslPNm/OXvnoYNl4AfipRGwSx -2EPg/OEXN0pqCebJYOQIOzAYlYZ2uKBInsxzbxHq3TzGnvpKK5t9eikbxps8zrQV -Ty3PUhNIm0KsQhU86aP0W0pZRVdMlSZHP6Vd5QGLfhuWztIvR9zzbWDSXahpvWEC -AwEAAaOBmTCBljAdBgNVHQ4EFgQUDYYSrWTVwz/2gZKaWCmqdsTbEKowVwYDVR0j -BFAwToAUDYYSrWTVwz/2gZKaWCmqdsTbEKqhIKQeMBwxGjAYBgNVBAMUEVNSS18z -X3NoYTI1Nl8yMDQ4ghQ2Y2XcaBOxX2+d2RS1w3C45OLnvDAPBgNVHRMBAf8EBTAD -AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAFALiE2Zr/uYP19zq -3LzDaCcZi8SrXPTmLFwMDQfMtcXj3GTpz03XoTsSyQ3YgsNJH+6oHII/z2G7CBl5 -WS85ObpmWFm69cLoTJzbCma9OF5FqqDnsUq9x4wDBQnWZepSCufm6Lw95MzpKfPS -H4Mvn3X2Q1kiX0dn4s2xvk2Qt3g7GFhzEAymvdtAX+ivIUVon+QMLbDF0fUk+IR+ -4t7r72A6tTGVMMoAGs6QKwBdwOwnN+wQDylewBUq3CAE0+DfbeMQSKS08UAuAkXc -bNIXtm8Nn8M37249AfMALD7B3hV+EjN8WlHYAuyNnmXQkOpWPfP9XhYlfkhDCDMD -jNPQGQ== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/SRK_3_key.pem b/conf/imx_hab4/SRK_3_key.pem deleted file mode 100644 index 73ea299..0000000 --- a/conf/imx_hab4/SRK_3_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiY9qqrRMXTGuk -iyFFF0Zs17jmXiw8TnD1rT3nQe933P9ORV/HKWdiaVpgrLa9S5kyO9FDkXVxWUIu -MkxwKlLxHbSPhsNwUM45BeOQU46TqXSxW6zJOTR+wmwbfo/2v9NH0TaK5sAZfVEf -s0Db1bVOY3A4milvmbBvjHY778EjiDlk6bX7yLBVj2/XJj8zZLJTzZvzl756GDZe -AH4qURsEsdhD4PzhFzdKagnmyWDkCDswGJWGdrigSJ7Mc28R6t08xp76SiubfXop -G8abPM60FU8tz1ITSJtCrEIVPOmj9FtKWUVXTJUmRz+lXeUBi34bls7SL0fc821g -0l2oab1hAgMBAAECggEBAJPGmLwOyju+gIp5Tepo1t6/pPSGqGys2WDIqXekaf5C -71ZUDWfZRsqoouUs5xL2E9BB3RpG6YAfwPj3LtY3vcjLxn+CHKI99pyvvjmdwDah -055+lYt8ckgUN3sBvpLGV8eYHLFkcVYA020sm44yOU6/cOUhbSmwy32HbiT29mSU -5FgpC/q2qpZQzdhDWSBpnzcKwJp68F5TMCAAp5RQoBcoTiMonFY0z+G08xJVTEno -mjDjk+1k9nZSMNNJK0tlnF/DgEWhYrtkOBE8TA39OlkbCbpJoH0+h/AHtegdZ0LE -17R2/kzHYXbzpMl6Vxff75DoXltPT9lKgEk/BNDhix0CgYEA1ffXeXeko+IZNonX -PLco9N0ug/wxiFJywHEB3suOTMwdQ0o3m9oi1bFM1mlXBf3/WbQW4NUwFDwIoR8q -Zc9GIiEaWc+HJA21V3sbKeRa07AXx9Bsk0lwvIRAbxKPjn7+o6+2grd6pLf4CdZf -sOjukvdtQQK4DVjeN12pbwHaoT8CgYEAwko5HOcqddg9QemVqH6DhVCQeZOilgsy -lUBmEbJRWDnBPWFxPEEQ1N3SCC10WkrdppJ2MSdIBmNUHQ6pGGtCa8BMlghifWI8 -Ecc4HxbMGsLtaClIK+DgbbULKXDIV2EN5inUkkQbqExk2qPIwVXd4RSQTV5cJp4e -nzfYOpKHWV8CgYEAwS5NKuvsh9JA9U6qN7Uek0WHE78EcZIO7NSa3a5mwcuft/sw -DdR6kvjK6OKeoVhbzX+dEE0qZXp2SBI9U0I6jeHZSrDl0JVX3q3VLpNvtaRNNChn -futVj77P9fiKCBt8iAjC/W3umv1GQot8RdtoWuRtjb6IsfREXTSBHypLXD0CgYBN -agehtZYciIG3/puMHITJHNXEK4gv4txPze4dhQCWd8TAcVAOIxrSxmPGsF3ZEFWK -5nbDlRREv1UnkszblvlLN78MVODxdq/aoZeCA7Jlw1+XDkPcf+jMrcN5yp94+Ynx -OJ+jfBHNGEtjNrlqF42l/myU91EebghjhnvYssPNXwKBgAmZTvi5xmbQpse9PIqw -MiS9il83gc4uVPhDGRTew8sQIauRZ0EO6mLyJsB9VCXR4k+tqezQdAHK/tro6Qm0 -reANl1K7HQ/FEdylqH2/oX5jGsedeckYsagxPdU0pi1owFcpYfi8FL7v6dZ1WKrk -WzHsSeTJVrW4pMecvmHoVcC/ ------END PRIVATE KEY----- diff --git a/conf/imx_hab4/SRK_4_crt.pem b/conf/imx_hab4/SRK_4_crt.pem deleted file mode 100644 index 8fd991e..0000000 --- a/conf/imx_hab4/SRK_4_crt.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDYDCCAkigAwIBAgIUQJA6x/J14zcbrg+lJiYplYqJbFswDQYJKoZIhvcNAQEL -BQAwHDEaMBgGA1UEAxQRU1JLXzRfc2hhMjU2XzIwNDgwHhcNMTkwODI2MjEwMTIz -WhcNMjkwODIzMjEwMTIzWjAcMRowGAYDVQQDFBFTUktfNF9zaGEyNTZfMjA0ODCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWHIxzN/nW5tBRCWlkJ3qmy -XbvsprUUIgInsD6Vm1hUNYpoaYsOiBfiUrNmWV2cDzvA71DagZYsfq1dcmfcD9f/ -oX1pyGdd8TPW5io9UYfgGUSV1tAMUWA71edXxunbFJ6FYAEIjVgWnF5YCsfy7d0K -/JNOn+dRmzwPEEYL3nUjLMT3ZCtmSm0BBiAmU/LCtylAjuzszQSN8QcbwgJs+uw5 -JB639FmR+ww/BENABLAvAzwyQQ14hg07uyUFZSq3CEaYRwq7dKOZakR9alTtOS+b -woSf7qtGvfDgD4m/MU2E1Sr9rMPN/KaYgnplmrVN3Vkl89EIx9wTbFbXFlXNe0sC -AwEAAaOBmTCBljAdBgNVHQ4EFgQU572W9OpvR4f/WdG8TdhbX8A2DRUwVwYDVR0j -BFAwToAU572W9OpvR4f/WdG8TdhbX8A2DRWhIKQeMBwxGjAYBgNVBAMUEVNSS180 -X3NoYTI1Nl8yMDQ4ghRAkDrH8nXjNxuuD6UmJimViolsWzAPBgNVHRMBAf8EBTAD -AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAkD3TMywcYm7PC3DV -46wsDlfRUTHwo2G41Rsq8OBcMiiQyD32L6zQCJGzN8FnAY9wlE1f+968gVO9OL5g -lc2kbwXeIcnNG4bxbV9Wa/IgMyMmpoeowomPCKJu+Tlm5NmzJnjFtIbW/drVzA9y -K7M0Kxqi2paI8Y3Jhf0ywDTyjG8PNE2XZstPd8nred6GzTCNc74bH++BUSYslSDB -rnotFFQv/qmSGrAkJsYYrowgd0FUVzfYbCBTMy9Tjbs34RaURnqQoEIpSyKZe8SD -2DgLynp7XhtSv6t3EdGhhMYcUJFi/D7OYHaTVtkWb4UjKCAh5tTl0TMWPS4NWyQz -OYUkTw== ------END CERTIFICATE----- diff --git a/conf/imx_hab4/SRK_4_key.pem b/conf/imx_hab4/SRK_4_key.pem deleted file mode 100644 index 0775659..0000000 --- a/conf/imx_hab4/SRK_4_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDlhyMczf51ubQU -QlpZCd6psl277Ka1FCICJ7A+lZtYVDWKaGmLDogX4lKzZlldnA87wO9Q2oGWLH6t -XXJn3A/X/6F9achnXfEz1uYqPVGH4BlEldbQDFFgO9XnV8bp2xSehWABCI1YFpxe -WArH8u3dCvyTTp/nUZs8DxBGC951IyzE92QrZkptAQYgJlPywrcpQI7s7M0EjfEH -G8ICbPrsOSQet/RZkfsMPwRDQASwLwM8MkENeIYNO7slBWUqtwhGmEcKu3SjmWpE -fWpU7Tkvm8KEn+6rRr3w4A+JvzFNhNUq/azDzfymmIJ6ZZq1Td1ZJfPRCMfcE2xW -1xZVzXtLAgMBAAECggEAQI+MXtPKWU7Myk4Hn7fY+56CIxPjqFdrYXPMbS4jreqx -zKal2UlTGnS8kl2dkWkOF96i8fkkLhuB3j3EqlYJ1tW+lMomZnzUFaLCxurMfg2Y -zePfslFkqk7qUdIszyaiXBxj7qZ7K2XgweC915QLN/uZI84fyC76HSCXkTxRbFza -A1Jidv8WAt75xelhH7UoPw7cED0ZWiZ3qHVbpag7hNGhhGtTZU12yiQjK+eDG1th -V9Jr0f7h/VJRsDay8jh/mZYsKmdko+Q6wLO7M3D32w/OeeX75IvNDE3pxyDLaG2i -zoavWDOkpjM7zXFWMfqdHzL6fIYsDTuVhYKErBxpgQKBgQD89++lRwOccSq7J1WB -z4nzlghzfaFIqSw8q59JKWBtSHEktmpFKyKWiXgzN3Vqza7WgUYEiCcTNYefzWjt -tWwOFBwdCv7klIQUcmMJs5rjp/GWIXCbarRF7dS4hmmIC4XnTkwOiJGV/8gvm7Ds -m5v6AWy1QcwP2uvGjcZzcBHlqwKBgQDoR0oMB/+7Xyx4ENpHFP9FVfXgZeszJ2rm -j7BMXclLU6mw1PlyLeU9Wpn4So2Jw2n5FIcHtxSteOdrqNG491Bzkl3df8/oQPRp -xyASmDWKm2rTWHw1ai7YqqbSZt8VT/rUQGJvHPKekHwG+tqDq4dnuERtls+AGig/ -iAQUYFfg4QKBgCyOIthyfJFWYVdbYzUc78hGebCVxQ1+NnttIv4I2qIE62Cy/F64 -bTwkdFZZA0ZPeebwF/v+WxuIBx4/WKbdmG2WXylCYYizG9xaFVWFG9fTIbr2otXM -4nmanSfvDLFYjjoiUUUSCspnpcO04WGbOsq664G1WBLG1VZAbF6ys4RHAoGAaGRR -xSJ7LqzRgYyhbTzklTbS8G0dzbmzc7e0Vj34T+Bj7VNqYIR7+J0Vgd+PyRCIOied -oDwKEQS7jUksKGMOR0LK6NeeixVWQ4v4wCKkPY0n76BfAmqcb0gS/ZC6RgvSAT6G -fsWVzOnGtCRdvLuEeXr5Vf9ndn1LBXKN0tKR7EECgYBk7OKuLNmcYlbXLjkFLGYW -YwKJFSrWI8YVU0zIqT69CN4aw5zAbYSiSFSo6Mif2QVVgALli64lPm4BwzfR2kCI -2ugRueGKtnKQmwkyhOGWISGbUYrm/HhrGkrIBIYtaFWuJnGeVWlbgv483AgyXuBZ -LtvwXrnJBNG6ztk+vbQZFg== ------END PRIVATE KEY----- diff --git a/conf/imx_hab4/print_fuses b/conf/imx_hab4/print_fuses deleted file mode 100755 index ba5e9b2..0000000 --- a/conf/imx_hab4/print_fuses +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin diff --git a/conf/imx_hab4/sign-file.sh b/conf/imx_hab4/sign-file.sh deleted file mode 100755 index 384eec3..0000000 --- a/conf/imx_hab4/sign-file.sh +++ /dev/null @@ -1,226 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2019 Foundries.io -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# stop on errors -set -e - -CST_BINARY="cst" -CSF_TEMPLATE="u-boot-spl-sign.csf-template" -KEY_DIR="." -DCD_CLEAR=0 -DISPLAY_USAGE=0 -SIGN_SPL=0 -SIGN_M4APP=0 - -parse_args() -{ - while [ ${#} -gt 0 ] - do - case ${1} in - --cst) - CST_BINARY=${2} - shift - shift - ;; - --csf-template) - CSF_TEMPLATE=${2} - shift - shift - ;; - --spl) - WORK_FILE=${2} - SIGN_SPL=1 - shift - shift - ;; - --m4app) - WORK_FILE=${2} - SIGN_M4APP=1 - shift - shift - ;; - --key-dir) - KEY_DIR=${2} - shift - shift - ;; - --fix-sdp-dcd) - DCD_CLEAR=1 - shift - ;; - -h) - DISPLAY_USAGE=1 - shift - ;; - --help) - DISPLAY_USAGE=1 - shift - ;; - *) - shift - ;; - esac - done -} - -parse_args "$@" - -if [ "${DISPLAY_USAGE}" = "1" ]; then - echo "usage for: ${0}" - echo " --cst: set cst binary path/filename [default: ${CST_BINARY}]" - echo " --csf-template: set CSF template file [default: ${CSF_TEMPLATE}]" - echo " --spl: SPL binary to sign [--spl or --m4app is required]" - echo " --m4app: M4 binary to sign [--spl or --m4app is required]" - echo " --key-dir: location for key files [default: ${KEY_DIR}]" - echo " --fix-sdp-dcd: turn on clear / restore DCD addr for SPD SPL binary" - exit 0 -fi - -if [ -z "${WORK_FILE}" ]; then - echo "ERROR: must specify either --spl or --m4app" - echo 1 -fi - -if [ "${SIGN_M4APP}" = "1" ] && [ "${DCD_CLEAR}" = "1" ]; then - echo "ERROR: --fix-sdp-dcd is incompatible with --m4app" - echo 1 -fi - -if [ "${DCD_CLEAR}" = "1" ]; then - FIX_SDP_DCD="yes" -else - FIX_SDP_DCD="no" -fi - -echo "" -echo "SETTINGS FOR : ${0}" -echo "--------------:" -echo "CST BINARY : ${CST_BINARY}" -echo "CSF TEMPLATE : ${CSF_TEMPLATE}" -echo "BINARY FILE : ${WORK_FILE}" -echo "KEYS DIRECTORY: ${KEY_DIR}" -if [ "${SIGN_SPL}" = "1" ]; then - echo "FIX-SDP-DCD : ${FIX_SDP_DCD}" -fi -echo "" - -# Transform template -> config -sed "s/@@KEY_ROOT@@/${KEY_DIR}/g" ${CSF_TEMPLATE} > ${CSF_TEMPLATE}.csf-config - -# working file used for signature -cp ${WORK_FILE} ${WORK_FILE}.mod - -# for M4 application: pad binary to 0x1000 alignment -if [ "${SIGN_M4APP}" = "1" ]; then - BINARY_LEN=$(od -An -t x4 -j 0x1024 -N 0x4 ${WORK_FILE}.mod | cut -d' ' -f2) - BINARY_LEN=$(printf "%08x" $(((0x${BINARY_LEN} / 0x1000 + 1) * 0x1000))) - objcopy -I binary -O binary --pad-to 0x${BINARY_LEN} --gap-fill=0x5A ${WORK_FILE}.mod ${WORK_FILE}.mod -fi - -# DCD address must be cleared for signature, as SDP will clear it. -if [ "${DCD_CLEAR}" = "1" ]; then - # generate a NULL address for the DCD - dd if=/dev/zero of=zero.bin bs=1 count=4 - # replace the DCD address with the NULL address - dd if=zero.bin of=${WORK_FILE}.mod seek=12 bs=1 conv=notrunc - rm zero.bin - - # get DCD block info using od, tr and awk - DCD_START=$(od -An -t x4 -j 0x20 -N 0x4 ${WORK_FILE}.mod | cut -d' ' -f2) - DCD_HEX=$(od -An -t x4 -j 0x2c -N 0x4 --endian=big ${WORK_FILE} | tr -d ' ' | awk '{print substr($0,3,4)}') - DCD_LEN=$(printf "0x%08x" 0x${DCD_HEX}) - # hard-code DCD location to bottom of RAM w/ offset of 2c - DCD_BLOCKS="0x${DCD_START} 0x0000002c ${DCD_LEN}" - echo "FOUND DCD Blocks ${DCD_BLOCKS}" - - # append DCD block information to CSF config - echo "[Authenticate Data]" >> ${CSF_TEMPLATE}.csf-config - echo "Verification index = 2" >> ${CSF_TEMPLATE}.csf-config - echo "Blocks = ${DCD_BLOCKS} \"${WORK_FILE}.mod\"" >> ${CSF_TEMPLATE}.csf-config - echo "" >> ${CSF_TEMPLATE}.csf-config -fi - -# get HAB block info using od -if [ "${SIGN_M4APP}" = "1" ]; then - HAB_IVT_SELF=$(od -An -t x4 -j 0x1014 -N 0x4 ${WORK_FILE}.mod | cut -d' ' -f2) -else - HAB_IVT_SELF=$(od -An -t x4 -j 0x14 -N 0x4 ${WORK_FILE}.mod | cut -d' ' -f2) -fi - -# get HAB length using stat -HAB_LEN=$(printf "0x%08x" `stat -c "%s" ${WORK_FILE}.mod`) - -# insert CSF offset into m4app binary (as it isn't set by default) -# adjust boot data size to include CSF -if [ "${SIGN_M4APP}" = "1" ]; then - # remove header from HAB length - HAB_LEN=$(printf "0x%08x" $((${HAB_LEN} - 0x1000))) - # insert CSF offset - HAB_CSF_OFFSET=$(printf "%08x" $((0x${HAB_IVT_SELF} + ${HAB_LEN}))) - # generate binary in bigendian - HAB_CSF_OFFSET_OCT_1=$(printf "%o" $(echo "$HAB_CSF_OFFSET" | awk '{print "0x"substr($0,7,2)}')) - HAB_CSF_OFFSET_OCT_2=$(printf "%o" $(echo "$HAB_CSF_OFFSET" | awk '{print "0x"substr($0,5,2)}')) - HAB_CSF_OFFSET_OCT_3=$(printf "%o" $(echo "$HAB_CSF_OFFSET" | awk '{print "0x"substr($0,3,2)}')) - HAB_CSF_OFFSET_OCT_4=$(printf "%o" $(echo "$HAB_CSF_OFFSET" | awk '{print "0x"substr($0,1,2)}')) - printf "\\${HAB_CSF_OFFSET_OCT_1}\\${HAB_CSF_OFFSET_OCT_2}\\${HAB_CSF_OFFSET_OCT_3}\\${HAB_CSF_OFFSET_OCT_4}" > ${WORK_FILE}.csf_offset - # write the CSF_OFFSET to binary @ 0x1018 - dd if=${WORK_FILE}.csf_offset of=${WORK_FILE}.mod seek=4120 bs=1 conv=notrunc - rm ${WORK_FILE}.csf_offset - - # increase boot data size to include csf - BOOT_DATA_SIZE=$(printf "%08x" $((${HAB_LEN} + 0x2000))) - # generate binary in bigendian - BOOT_DATA_SIZE_OCT_1=$(printf "%o" $(echo "$BOOT_DATA_SIZE" | awk '{print "0x"substr($0,7,2)}')) - BOOT_DATA_SIZE_OCT_2=$(printf "%o" $(echo "$BOOT_DATA_SIZE" | awk '{print "0x"substr($0,5,2)}')) - BOOT_DATA_SIZE_OCT_3=$(printf "%o" $(echo "$BOOT_DATA_SIZE" | awk '{print "0x"substr($0,3,2)}')) - BOOT_DATA_SIZE_OCT_4=$(printf "%o" $(echo "$BOOT_DATA_SIZE" | awk '{print "0x"substr($0,1,2)}')) - printf "\\${BOOT_DATA_SIZE_OCT_1}\\${BOOT_DATA_SIZE_OCT_2}\\${BOOT_DATA_SIZE_OCT_3}\\${BOOT_DATA_SIZE_OCT_4}" > ${WORK_FILE}.boot_data - # write the modified boot_data size to binary @ 0x1024 - dd if=${WORK_FILE}.boot_data of=${WORK_FILE}.mod seek=4132 bs=1 conv=notrunc - rm ${WORK_FILE}.boot_data -fi - -# generate HAB block information -if [ "${SIGN_M4APP}" = "1" ]; then - # adjust signed length for the offset - BINARY_LEN=$(printf "0x%08x" $((0x${BINARY_LEN} - 0x1000))) - HAB_BLOCKS="0x${HAB_IVT_SELF} 0x00001000 ${BINARY_LEN}" -else - HAB_BLOCKS="0x${HAB_IVT_SELF} 0x00000000 ${HAB_LEN}" -fi -echo "FOUND HAB Blocks ${HAB_BLOCKS}" - -# append HAB block information to CSF config -echo "[Authenticate Data]" >> ${CSF_TEMPLATE}.csf-config -echo "Verification index = 2" >> ${CSF_TEMPLATE}.csf-config -# use .mod file in case we cleared DCD info -echo "Blocks = ${HAB_BLOCKS} \"${WORK_FILE}.mod\"" >> ${CSF_TEMPLATE}.csf-config - -# generate the signatures, certificates, ... in the CSF binary -${CST_BINARY} --o ${WORK_FILE}_csf.bin --i ${CSF_TEMPLATE}.csf-config - -# for m4app binary combine padded .mod file w/ CSF offset written -if [ "${SIGN_M4APP}" = "1" ]; then - cat ${WORK_FILE}.mod ${WORK_FILE}_csf.bin > ${WORK_FILE}.signed -else - cat ${WORK_FILE} ${WORK_FILE}_csf.bin > ${WORK_FILE}.signed -fi - -# Cleanup config / mod SPL -rm ${CSF_TEMPLATE}.csf-config -rm ${WORK_FILE}_csf.bin -rm ${WORK_FILE}.mod diff --git a/conf/imx_hab4/u-boot-spl-sign.csf-template b/conf/imx_hab4/u-boot-spl-sign.csf-template deleted file mode 100644 index a5b6d84..0000000 --- a/conf/imx_hab4/u-boot-spl-sign.csf-template +++ /dev/null @@ -1,27 +0,0 @@ -[Header] -Version = 4.1 -Hash Algorithm = sha256 -Engine Configuration = 0 -Certificate Format = X509 -Signature Format = CMS -Engine = CAAM - -[Install SRK] -File = "@@KEY_ROOT@@/SRK_1_2_3_4_table.bin" -Source index = 0 - -[Install CSFK] -File = "@@KEY_ROOT@@/CSF_1_crt.pem" - -[Authenticate CSF] - -[Unlock] -Engine = CAAM -Features = MID, RNG - -[Install Key] -# Key slot index used to authenticate the key to be installed -Verification index = 0 -# Key to install -Target index = 2 -File = "@@KEY_ROOT@@/IMG_1_crt.pem" diff --git a/conf/local.conf b/conf/local.conf index c22e69c..9176188 100644 --- a/conf/local.conf +++ b/conf/local.conf @@ -98,3 +98,7 @@ ENABLE_SERIAL_CONSOLE = "1" PREFERRED_RPROVIDER_kubelet = "kubelet" WKS_FILES_uz = "sdimage-uz-sota-config.wks.in" + +# if persistent /var/log is desired, set the following to "no" +# persistent logging is required to enable Journald's Forware Secure Sealing (FSS) feature +VOLATILE_LOG_DIR = "no" diff --git a/lmp-base.xml b/lmp-base.xml index 79538a1..d9692c6 100644 --- a/lmp-base.xml +++ b/lmp-base.xml @@ -5,15 +5,15 @@ - + - - - - - - - + + + + + + + diff --git a/lmp-bsp.xml b/lmp-bsp.xml index e2861bc..12ed450 100644 --- a/lmp-bsp.xml +++ b/lmp-bsp.xml @@ -4,14 +4,14 @@ - - - - + + + + - + - - - + + + diff --git a/pelion.xml b/pelion.xml index 709fcd6..26cff0e 100644 --- a/pelion.xml +++ b/pelion.xml @@ -4,13 +4,26 @@ + + + revision="refs/tags/2.3.0" /> + revision="refs/tags/2.3.0" /> + + + + diff --git a/setup-environment-internal b/setup-environment-internal index 1d7f81a..797cc15 100644 --- a/setup-environment-internal +++ b/setup-environment-internal @@ -139,7 +139,7 @@ export PATH=$(echo "$PATH" | export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCLIBC TCMODE GIT_PROXY_COMMAND \ http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy \ SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE \ - BB_NUMBER_THREADS" + BB_NUMBER_THREADS BB_LOGCONFIG BB_CONSOLELOG" mkdir -p "${BUILDDIR}"/conf && cd "${BUILDDIR}" if [ -f "conf/auto.conf" ]; then @@ -167,8 +167,8 @@ if [ ! -f "conf/keys/dev.key" -a ! -f "conf/keys/dev.crt" ]; then ln -sf "${MANIFESTS}"/conf/keys/dev.crt conf/keys/dev.crt fi # Link default iMX HAB4 development keys and certificate if not set by the user -if [ ! -e "conf/imx_hab4" ]; then - ln -sf "${MANIFESTS}"/conf/imx_hab4 conf/keys/imx_hab4 +if [ ! -e "conf/keys/imx_hab4" ]; then + ln -sf ${OEROOT}/tools/lmp-tools/security/imx_hab4 conf/keys/imx_hab4 fi ln -sf "${MANIFESTS}"/conf/bblayers.conf conf/bblayers.conf ln -sf "${MANIFESTS}"/conf/bblayers-base.inc conf/bblayers-base.inc