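# =========== Master Boot Image Configuration template for kw45xx, Plain Signed XIP Image. ===========
#
# This template lists every available option, so several mutually exclusive
# keys are set at once (see the NOTE(review) comments). Prune it to a single
# signing path before use.

# ----------------------------------------------------------------------------------------------------
#                                         == Basic Settings ==
# ----------------------------------------------------------------------------------------------------
# [Required], MCU family name; Possible options:['kw45xx', 'k32w1xx']
family: kw45xx
# [Required], Application target; Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence;
# Possible options:['Internal flash (XIP)', 'External flash (XIP)', 'Internal Flash (XIP)', 'External Flash (XIP)', 'RAM', 'ram', 'xip']
outputImageExecutionTarget: Internal flash (XIP)
# [Required], Type of boot image authentication; Specification of final master boot image authentication;
# Possible options:['Plain', 'CRC', 'Signed', 'Encrypted + Signed', 'NXP Signed', 'encrypted', 'signed', 'crc']
# NOTE(review): 'Plain' and 'CRC' carry no signature; keep a signed type for
# images that must be authenticated at boot.
outputImageAuthenticationType: Signed
# [Required], Master Boot Image name; The file for Master Boot Image result file.
masterBootOutputFile: kw45_led_signed.bin
# [Required], Plain application image; The input application image to be modified to Master Boot Image.
inputImageFile: workspace/templates1/kw45.bin
# [Required], Loading address of application; Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# [Optional], Firmware version; Version of application image firmware.
# firmwareVersion: 0

# ----------------------------------------------------------------------------------------------------
#                                       == Root Keys Settings ==
# ----------------------------------------------------------------------------------------------------
# [Conditionally required], Main root Certification Private Key;
# Path to Main root Certification Private Key. Don't use when 'binaryCertificateBlock' is defined
# NOTE(review): 'mainRootCertPrivateKeyFile' and 'signProvider' are both set
# and name different key files. Keep only one so it is unambiguous which key
# signs the image. Keep the private key file out of version control and
# readable only by the signing user or job.
mainRootCertPrivateKeyFile: workspace/ec_pk_secp384r1_cert0.pem
# [Conditionally required], Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# NOTE(review): the four root certificate paths below start with 'workspce/',
# while the private key and input image use 'workspace/'. This is probably a
# typo; confirm the directory name. The certificate set and its order should
# presumably match what is provisioned on the device; verify before signing.
# [Conditionally required], Root Certificate File 0; Root certificate file index 0.
rootCertificate0File: workspce/ec_secp384r1_cert0.pem
# [Optional], Root Certificate File 1; Root certificate file index 1.
rootCertificate1File: workspce/ec_secp384r1_cert1.pem
# [Optional], Root Certificate File 2; Root certificate file index 2.
rootCertificate2File: workspce/ec_secp384r1_cert2.pem
# [Optional], Root Certificate File 3; Root certificate file index 3.
rootCertificate3File: workspce/ec_secp384r1_cert3.pem
# [Conditionally required], Main Certificate Index; Index of certificate that is used as a main.
# If not defined, the certificate matching private key will be selected.
mainRootCertId: 0

# ----------------------------------------------------------------------------------------------------
#                                    == ISK Certificate Settings ==
# ----------------------------------------------------------------------------------------------------
# [Conditionally required], Binary Certificate; Optionally the certificate could be defined as a pre-generated binary block.
# In case that is defined, all other configuration for certification block must be deleted ('useIsk', 'mainRootCertPrivateKeyFile', 'signingCertificateFile', 'signingCertificateConstraint', 'signCertData')
# In case that ISK is defined, certificate block must be deleted
# NOTE(review): this key is set together with 'mainRootCertPrivateKeyFile'
# and 'useIsk', which the description above says must be removed when it is
# defined. Choose one way of supplying the certificate block and delete the
# other keys.
binaryCertificateBlock: my_isk_cert.bin
# [Conditionally required], Use ISK for signature certification; Enable ISK type of signature certification. Don't use when 'binaryCertificateBlock' is defined
useIsk: false
# # [Conditionally required], Signing Certificate; Path to Signing Certificate. Don't use when 'binaryCertificateBlock' is defined
# signingCertificateFile: sign_cert.pem
# # [Optional], Signing certificate constraint number. Don't use when 'binaryCertificateBlock' is defined
# signingCertificateConstraint: 0
# # [Optional], Signing Certificate data; Path to Signing Certificate data. Don't use when 'binaryCertificateBlock' is defined
# signCertData: sign_cert.bin
# # [Optional], ISK Certificate private key used to sign certificate. It can be replaced by signProvider key.
# signingCertificatePrivateKeyFile: isk_prv_key.pem
# # [Optional], ISK Signature Provider; Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>'.
# iskSignProvider: type=file;file_path=my_isk_prv_key.pem

# ----------------------------------------------------------------------------------------------------
#                                      == Trust Zone Settings ==
# ----------------------------------------------------------------------------------------------------
# [Optional], TrustZone enable option; If not specified, the Trust zone is disabled.
enableTrustZone: false
# [Optional], TrustZone Customization file; If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
# NOTE(review): a preset file is named while 'enableTrustZone' is false; it is
# presumably ignored. Confirm, or remove the key to avoid a misleading config.
trustZonePresetFile: my_tz_custom.yaml

# ----------------------------------------------------------------------------------------------------
#                                    == Image Manifest Settings ==
# ----------------------------------------------------------------------------------------------------
# [Optional], Manifest signing hash algorithm; Optional Manifest signing hash algorithm name to create Certificate v3.1 Manifest;
# Possible options:['sha256', 'sha384', 'sha521']
# NOTE(review): 'sha521' in the list above looks like a typo for 'sha512';
# confirm against the tool's schema. The root keys in this template are
# secp384r1; check whether sha384 is the intended pairing.
manifestDigestHashAlgorithm: sha256

# ----------------------------------------------------------------------------------------------------
#                                        == Extra Settings ==
# ----------------------------------------------------------------------------------------------------
# [Optional], No Signature; When set, the signature is not included. The signature could be later added by HSM.
# NOTE(review): leave this false unless the signature is added in a separate
# HSM step; an image built with it set carries no signature until then.
noSignature: false
#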