This example demonstrates the use of AES encryption and authentication.
all:
{
bh_kek_iv = ./blkiv.txt
bh_keyfile = ./blkkey.txt
efuse_kek_iv = ./efuse_blkIv.txt
boot_config {bh_auth_enable, puf4kmode , shutter=0x8100005E}
id_code = 0x04CA8093
extended_id_code = 0x01
image
{
name = pmc_subsys, id = 0x1c000001
{type = bootloader,
encryption = aes, keysrc=bh_blk_key, dpacm_enable,revoke_id = 0x5, aeskeyfile = ./plm.nky, authentication = rsa, pskfile = ./PSK1.pem, sskfile = ./SSK5.pem,
file = ./plm.elf}
{type = pmcdata, aeskeyfile = ./pmc_data.nky, file = ./pmc_data.cdo}
}
metaheader
{
encryption = aes, keysrc=bh_blk_key, dpacm_enable, revoke_id = 0x6,
aeskeyfile = metaheader.nky
}
image
{
name = lpd, id = 0x4210002
{type = cdo,
encryption = aes, keysrc = bbram_red_key, revoke_id = 0x8, aeskeyfile = lpd.nky,
file = ./lpd_data.cdo}
{ core = psm, file = ./psm_fw.elf}
}
image
{
name = fpd, id = 0x420c003
{type = cdo,
encryption = aes, keysrc = efuse_blk_key, dpacm_enable, revoke_id = 0x10, aeskeyfile = fpd.nky, authentication = ecdsa-p384, pskfile = ./PSK1.pem, sskfile = ./SSK5.pem,
file = ./fpd_data.cdo}
}
}