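#!/bin/sh
# Smoke test for the i.MX code signing tools (HAB4 flow).
#
# Generates a throwaway ECC P-256 PKI tree, builds an SRK table from it,
# assembles a minimal CSF with cst, and checks that csf_parser reports the
# expected sequence of artefacts. No [Authenticate Data] section is present,
# so this exercises CSF generation and parsing only; no image is signed.
#
# Options are set here rather than on the shebang line so they still apply
# when the script is started as "sh script" instead of being executed directly.
set -ex

# Private scratch directory (mktemp -d creates it with mode 0700).
dir=$(mktemp -d)
# The tree holds freshly generated private key material, so remove it on
# every exit path, including a failure under "set -e". The :? guard makes
# the rm abort instead of expanding to an empty path.
trap 'rm -rf -- "${dir:?}"' EXIT

# The PKI script is run from keys/; the later "cd $dir/crts" relies on it
# placing the certificates in the sibling crts/ directory.
mkdir -p "$dir/keys"
cd "$dir/keys"
# New CA (-existing-ca n), ECC P-256 keys, a single SRK, and SRKs issued as
# CA certificates (-srk-ca y), which is why separate CSF1_1 and IMG1_1 user
# certificates are referenced by the CSF below.
/usr/share/libexec/imx-code-signing-tool/pki_scripts/hab4_pki_tree.sh \
  -existing-ca n -kt ecc -kl p256 -num-srk 1 -duration 100 -srk-ca y

# Build the HAB4 SRK table and the SHA-256 fuse file from the one SRK
# certificate. The fuse file is only produced here, never programmed.
cd "$dir/crts"
srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 \
  -c SRK1_sha256_secp256r1_v3_ca_crt.pem

cd "$dir"
# Minimal CSF: install SRK index 0, install the CSF key and authenticate the
# CSF with it, then install the image key into slot 2, verified by slot 0.
# The delimiter is quoted so the text is taken literally by the shell.
cat > hab4.csf <<'EOF'
[Header]
Version = 4.0
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "crts/SRK_1_2_3_4_table.bin"
Source Index = 0
[Install CSFK]
File = "crts/CSF1_1_sha256_secp256r1_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
Verification Index = 0
Target Index = 2
File = "crts/IMG1_1_sha256_secp256r1_v3_usr_crt.pem"
EOF

# cst must succeed and must actually leave a CSF binary behind.
cst -i hab4.csf -o csf.bin
test -f csf.bin

# Expected csf_parser output for the CSF above, one line per artefact.
cat > expected-csf.log <<'EOF'
SRK Table file created
CSF Certificate Detected
IMG Certificate Detected
Certificate file created
Certificate file created
Signature file created
EOF

# Parse the binary back and compare byte for byte; cmp -l lists every
# differing byte and returns non-zero, which fails the test under "set -e".
csf_parser -c csf.bin > csf.log
cmp -l csf.log expected-csf.log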