インテルのみ表示可能 — GUID: cru1452898170435
Ixiasoft
1.10. 付録:SoC EDSセキュア・ブート・イメージ・ツール:alt-secure-boot
ブート・イメージ認証(署名)に向けたセキュア・ブート・イメージ・ツールの使用
alt-secure-boot sign --help
usage:
alt-secure-boot sign [-h] \
--inputfile INPUTFILE --outputfile OUTPUTFILE \
[--fuseout FUSEOUT] [--pubkeyout PUBKEYOUT] \
[--rootkey-type {fuse,fpga,user}] \
[--keypair KEYPAIR] \
[--fpga-key-offset FPGA_KEY_OFFSET]
Sign a bootloader image to allow BootROM verification
optional arguments:
-h, --help show this help message and exit
--inputfile INPUTFILE, -i INPUTFILE
Bootloader image to sign
--outputfile OUTPUTFILE, -o OUTPUTFILE
Signed output image
--fuseout FUSEOUT, -fo FUSEOUT
Hash of root public key, to be burned into device
fuses
--pubkeyout PUBKEYOUT, -pko PUBKEYOUT
Root public key in raw data form. This data may then
be built into the FPGA image for usage with
--rootkey-type=fpga
--rootkey-type {fuse,fpga,user}, -t {fuse,fpga,user}
The trusted root key's type. (default: fuse) 'fuse':
embed root pubkey in image. BootROM verifies its hash
against device fuses. 'fpga': fetch trusted root
pubkey from location in FPGA memory. 'user': embed
root pubkey in image. BootROM does not verify.
--keypair KEYPAIR, -k KEYPAIR
Signature keypairs specified in order from the
trusted root key to final user key
--fpga-key-offset FPGA_KEY_OFFSET
Offset from H2F bridge base address (0xC0000000) to
location of logic-embedded root public key. Used for
'--rootkey-type fpga' authentication.
ブート・イメージ暗号化に向けたセキュア・ブート・イメージ・ツールの使用方法
alt-secure-boot encrypt --help
usage:
alt-secure-boot encrypt [-h] \
--inputfile INPUTFILE --outputfile OUTPUTFILE \
--key KEY [--non-volatile]
Convert a pimage into an encrypted boot image
optional arguments:
-h, --help show this help message and exit
--inputfile INPUTFILE, -i INPUTFILE
Bootloader image to encrypt
--outputfile OUTPUTFILE, -o OUTPUTFILE
Encrypted output image
--key KEY, -k KEY File containing symmetric key to use for encryption
--non-volatile Decryption key stored in non-volatile fuses, instead
of battery-backed storage