- The IVT table address inside the kernel image must be aligned at 0x1000
bytes. The calculation of this offset was not working when the kernel image
size was multiple of 0x1000 bytes. In this case the IVT table was moved an
extra offset of 0x1000 bytes, causing U-Boot to fail to validate the image
as the IVT table was not in the expected location.
This fix uses the same offset calculation algorithm as U-Boot, ensuring both,
the sign script and U-Boot will look for the IVT at the same address.
https://jira.digi.com/browse/DEL-3972
Signed-off-by: David Escalona <david.escalona@digi.com>
Ensure that the signing script is not executed in parallel. This is required in
order to avoid problems during PKI generation and CST usage when building with
Yocto or the Android build system.
https://jira.digi.com/browse/DEL-2849
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The HAB on the i.MX6/i.MX6UL expects an entrypoint which is used to pass
execution to U-Boot in the ROM code. In later executions of HAB, U-Boot calls
the HAB but ignores this value.
A fixed value of 0x1000 was being used for the entrypoint, which is too big for
really small artifacts, like bootscripts. This commit reduces the value to
0x100. This allows to sign and encrypt artifacts as small as 260 bytes.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
When writing the fake IVT table in raw, rely on tac (part of the core-utils
package) instead of on xxd.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
David Escalona
Alex Gonzalez
Diaz de Grenu, Jose
Javier Viguera