Syntax
[auth_params] ppk_select=<0|1>; spk_id <32-bit spk id>;/
spk_select=<spk-efuse/user-efuse>; auth_header
Description
Authentication parameters specify additional configuration such as which PPK, SPK to use for authentication of the partitions in the boot image. Arguments for this bif parameter are:
- ppk_select: Selects which PPK to use. Options are 0 (default) or 1.
- spk_id: Specifies which SPK can be used or revoked. See User eFUSE Support with Enhanced RSA Key Revocation. The default value is 0x00.Note: While there are different SPKs for the header and the FSBL, they share the same SPK ID.
If only the auth_params field is used wherein the SPK ID is provided, the SPK ID propagates to the boot and application partitions. If SPK ID is used in both the boot and application partitions, the SPK ID in the boot/image header partition gets overwritten and application SPK is used. This means Bootgen chooses the last version of the SPK ID that is fed to it in the process of making sure that the header and FSBL have the same SPK ID.
- spk_select: To differentiate spk and user efuses. Options are spk-efuse (default) and user_efuse.
- header_auth: To authenticate headers when no partition is authenticated.
- ppk_select is unique for each image.
- Each partition can have its own spk_select and spk_id.
- spk-efuse id is unique across the image, but user-efuse id can vary between partitions.
- spk_select/spk_id outside the partition scope is used for headers and any other partition that does not have these specifications as partition attributes.
Example
Sample BIF 1 - test.bif
all:
{
[auth_params]ppk_select=0;spk_id=0x4
[pskfile] primary.pem
[sskfile]secondary.pem
[bootloader, authentication=rsa]fsbl.elf
}
Sample BIF 2 - test.bif
all:
{
[auth_params] ppk_select=0;spk_select=spk-efuse;spk_id=0x22
[pskfile] primary.pem
[sskfile] secondary.pem
[bootloader, authentication = rsa] fsbl.elf
}
Sample BIF 3 - test.bif
all:
{
[auth_params] ppk_select=1; spk_select= user-efuse; spk_id=0x22; header_auth
[pskfile] primary.pem
[sskfile] secondary.pem
[destination_cpu=a53-0] test.elf
}
Sample BIF 4 - test.bif
all:
{
[auth_params] ppk_select=1;spk_select=user-efuse;spk_id=0x22
[pskfile] primary.pem
[sskfile] secondary0.pem
/* FSBL - Partition-0) */
[
bootloader,
destination_cpu = a53-0,
authentication = rsa,
spk_id = 0x3,
spk_select = spk-efuse,
sskfile = secondary1.pem
] fsbla53.elf
/* Partition-1 */
[
destination_cpu = a53-1,
authentication = rsa,
spk_id = 0x24,
spk_select = user-efuse,
sskfile = secondary2.pem
] hello.elf
}