使用cst-2.3.3(i.MX High Assurance Boot Reference Code Signing Tool(REV 2.3.3))制作uboot(2016.03)的secureboot,但是在执行完以下几个步骤后,无法生成SRK表,不知道是什么原因。
1.生成PKI树:
> 进入CST目录:secure_boot/cst-2.3.3/keys,执行
$ openssl version
$ ./hab4_pki_tree.sh
2.生成SRK表:
> 进入secure_boot\cst-2.3.3\crts目录,执行:
../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c ./SRK1_sha256_2048_65537_v3_ca_crt.pem,./SRK2_sha256_2048_65537_v3_ca_crt.pem,./SRK3_sha256_2048_65537_v3_ca_crt.pem,./SRK4_sha256_2048_65537_v3_ca_crt.pem -f 1
3.创建CSF描述文件csf-uboot
#Illustrative Command Sequence File Description
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = “../crts/SRK_1_2_3_4_table.bin”
Source index = 0 # Index of the key location in the SRK table to be installed
[Install CSFK]
# Key used to authenticate the CSF data
File = “../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= ”../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877fb000 0x000 0x48000 “/home/user/path_to_u-boot_dir/u-boot.imx”
4.生成CSF二进制签名
linux64”目录中,CST调用CSF输入文件生成CSF二进制文件:
$ cd secure_boot/cst-2.3.3/linux64/bin
$ ./cst -o csf-uboot.bin -i csf-uboot
就在这个过程出现错误:
“*** Error in `./linux64/cst': realloc(): invalid old size: 0x000000000081f440 ***
“/__Aborted (core dumped)”
