Syntax
[auth_params] ppk_select=<0|1>; spk_id <32-bit spk id>;/
spk_select=<spk-efuse/user-efuse>; auth_header
Description
Authentication parameters specify additional configuration such as which PPK, SPK to use for authentication of the partitions in the boot image. Arguments for this bif parameter are:
- ppk_select: Selects which PPK to use. Options are 0 (default) or 1.
- spk_id: Specifies which SPK can be used or revoked. See User eFUSE Support with Enhanced RSA Key Revocation. The default value is 0x00.
- spk_select: To differentiate spk and user efuses. Options are spk-efuse (default) and user_efuse.
- header_auth: To authenticate headers when no partition is authenticated.
Note:
- ppk_select is unique for each image.
- Each partition can have its own spk_select and spk_id.
- spk-efuse id is unique across the image, but user-efuse id can vary between partitions.
- spk_select/spk_id outside the partition scope will be used for headers and any other partition that does not have these specifications as partition attributes.
Example
Sample BIF 1 - test.bif
all:
{
[auth_params]ppk_select=0;spk_id=0x4
[pskfile] primary.pem
[sskfile]secondary.pem
[bootloader, authentication=rsa]fsbl.elf
}
Sample BIF 2 - test.bif
all:
{
[auth_params] ppk_select=0;spk_select=user-efuse;spk_id=0x22
[pskfile] primary.pem
[sskfile] secondary.pem
[bootloader, authentication = rsa] fsbl.elf
}
Sample BIF 3 - test.bif
all:
{
[auth_params] ppk_select=1; spk_select= user-efuse; spk_id=0x22; header_auth
[pskfile] primary.pem
[sskfile] secondary.pem
[destination_cpu=a53-0] test.elf
}
Sample BIF 4 - test.bif
all:
{
[auth_params] ppk_select=1;spk_select=user-efuse;spk_id=0x22
[pskfile] primary.pem
[sskfile] secondary0.pem
/* FSBL - Partition-0) */
[
bootloader,
destination_cpu = a53-0,
authentication = rsa,
spk_id = 0x3,
spk_select = spk-efuse,
sskfile = secondary1.pem
] fsbla53.elf
/* Partition-1 */
[
destination_cpu = a53-1,
authentication = rsa,
spk_id = 0x24,
spk_select = user-efuse,
sskfile = secondary2.pem
] hello.elf
}