summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Dannenberg2018-11-07 10:48:20 -0600
committerAndreas Dannenberg2019-06-10 11:41:22 -0500
commite806caaaa4c89681d5b8d60c579f97efd880165b (patch)
tree0a0fed999de189fb57f0499c59a46337da73225d
parente31f499894cda984fcc76dd8c4ce2142b6279cf5 (diff)
downloadk3-image-gen-e806caaaa4c89681d5b8d60c579f97efd880165b.tar.gz
k3-image-gen-e806caaaa4c89681d5b8d60c579f97efd880165b.tar.xz
k3-image-gen-e806caaaa4c89681d5b8d60c579f97efd880165b.zip
build: Default to use TI degenerate key for signing on non-HS devices
Switch to using the TI degenerate key to sign the system firmware binary image on GP devices during the image tree blob build process. Using this key speeds up the time needed by the ROM code execution for processing this image and with this shortens our boot time. The previous default behavior of signing with a random key can still be triggered by passing an empty KEY variable to the make command as follows: $ make KEY="" Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Suman Anna <s-anna@ti.com>
Diffstat
-rw-r--r--Makefile2
-rw-r--r--README.md10
-rw-r--r--ti-degenerate-key.pem10
3 files changed, 22 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 586873023..980a53f83 100644
--- a/Makefile
+++ b/Makefile
@@ -61,6 +61,8 @@ SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-fir
61# Set HS SYSFW image signing key 61# Set HS SYSFW image signing key
62ifdef HS 62ifdef HS
63KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem 63KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
64else
65KEY ?= ti-degenerate-key.pem
64endif 66endif
65 67
66CROSS_COMPILE ?= arm-linux-gnueabihf- 68CROSS_COMPILE ?= arm-linux-gnueabihf-
diff --git a/README.md b/README.md
index 35640117a..2c0d3141a 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,16 @@ The default SYSFW image consumed by the build process is called
48using the **SYSFW_PATH** make variable. The build process will fail if the 48using the **SYSFW_PATH** make variable. The build process will fail if the
49image can't be downloaded or no such file is provided. 49image can't be downloaded or no such file is provided.
50 50
51Further note by default the SYSFW image for use with general purpose (GP) devices
52(as opposed to high security devices) is signed with the TI degenerate key to
53optimize boot time (less processing time needed by ROM) but can also be signed
54with a random cryptoraphic key or another user-provided key. This signing behavior
55is controlled through the **KEY** make variable. Not explicitly setting **KEY**
56will result in the use of the TI degenerate key. To use a custom key populate the
57**KEY** variable to point to the key to get used. By clearing the default key
58setting by passing in **KEY=""** a random key will get generated and used during
59the build process.
60
51In order to download the SYSFW release image (if needed) and build the final 61In order to download the SYSFW release image (if needed) and build the final
52**sysfw.itb** for consumption by U-Boot simply perform a make... 62**sysfw.itb** for consumption by U-Boot simply perform a make...
53 63
diff --git a/ti-degenerate-key.pem b/ti-degenerate-key.pem
new file mode 100644
index 000000000..bd7d3745a
--- /dev/null
+++ b/ti-degenerate-key.pem
@@ -0,0 +1,10 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog
38fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e
4QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB
5AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho
6k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey
7bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0
8RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR
9iCrL55cxEM146zMw3AnF
10-----END RSA PRIVATE KEY-----
generated by cgit v1.2.3 (git 2.39.2)