parent: e31f499
author | Andreas Dannenberg <dannenberg@ti.com> | Wed, 7 Nov 2018 16:48:20 +0000 (10:48 -0600)
committer | Andreas Dannenberg <dannenberg@ti.com> | Mon, 10 Jun 2019 16:41:22 +0000 (11:41 -0500)
Switch to using the TI degenerate key to sign the system firmware binary
image on GP devices during the image tree blob build process. Using this
key speeds up the time needed by the ROM code execution for processing
this image and with this shortens our boot time.

The previous default behavior of signing with a random key can still
be triggered by passing an empty KEY variable to the make command as
follows:

    $ make KEY=""

Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Suman Anna <s-anna@ti.com>
Makefile
README.md
ti-degenerate-key.pem [new file with mode: 0644]
diff --git a/Makefile b/Makefile
index 586873023a8cdc4ec14c3a2ec1fd7a246e7db5c5..980a53f836348cf7f92cb2458dfddc0caa0afcab 100644 (file)
--- a/Makefile
+++ b/Makefile
# Set HS SYSFW image signing key
ifdef HS
KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
+else
+KEY ?= ti-degenerate-key.pem
endif
CROSS_COMPILE ?= arm-linux-gnueabihf-
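Review bot: the GP default on the added `KEY ?= ti-degenerate-key.pem` line is a bare relative filename, so it resolves against the directory make is run from rather than against this Makefile; an invocation such as `make -f <path>/Makefile` from another directory would not find the key. Anchoring it to the Makefile's own location, for example via `$(dir $(lastword $(MAKEFILE_LIST)))`, keeps the default working. The comment above the block still reads `# Set HS SYSFW image signing key` although the block now also sets the GP key, so it should be updated. Note too that `?=` lets a `KEY` already present in the environment replace either default without any message; printing the key in use during the build would make that visible.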
diff --git a/README.md b/README.md
index 35640117a998f229047e0a89686e36fbd7a005bd..2c0d3141af5611746f743931830d194d2a38a00a 100644 (file)
--- a/README.md
+++ b/README.md
using the **SYSFW_PATH** make variable. The build process will fail if the
image can't be downloaded or no such file is provided.
+Further note by default the SYSFW image for use with general purpose (GP) devices
+(as opposed to high security devices) is signed with the TI degenerate key to
+optimize boot time (less processing time needed by ROM) but can also be signed
+with a random cryptoraphic key or another user-provided key. This signing behavior
+is controlled through the **KEY** make variable. Not explicitly setting **KEY**
+will result in the use of the TI degenerate key. To use a custom key populate the
+**KEY** variable to point to the key to get used. By clearing the default key
+setting by passing in **KEY=""** a random key will get generated and used during
+the build process.
+
In order to download the SYSFW release image (if needed) and build the final
**sysfw.itb** for consumption by U-Boot simply perform a make...
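Review bot: the added paragraph presents the degenerate key only as a boot-time optimisation and never states that its private half is checked into this repository by the same change, so a signature made with it says nothing about who produced the image. One sentence to that effect, plus a note that the default is different when **HS** is set (the Makefile then uses `custMpk.pem`), would stop readers from treating the GP default as protection. Also `cryptoraphic` should be `cryptographic`, and "the key to get used" reads better as "the key to be used".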
diff --git a/ti-degenerate-key.pem b/ti-degenerate-key.pem
--- /dev/null
+++ b/ti-degenerate-key.pem
@@ -0,0 +1,10 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog
+8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e
+QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB
+AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho
+k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey
+bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0
+RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR
+iCrL55cxEM146zMw3AnF
+-----END RSA PRIVATE KEY-----
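Review bot: nothing in or beside `ti-degenerate-key.pem` marks it as a deliberately public key, so secret scanners and later maintainers will read the `BEGIN RSA PRIVATE KEY` block as a leaked credential. Say in the README (or in a scanner allowlist entry that names this file) that the key is intentionally published and carries no secrecy. Decoding the base64 body shows both the public and the private exponent fields set to 1, which is worth stating as the meaning of "degenerate" so nobody reuses this key outside GP SYSFW signing. A build-time check that fails when **HS** is set and **KEY** points at this file would keep it out of HS images.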