[PATCH] imx: hab: fix srktool -c usage by removing spaces
Christoph Fritz
chf.fritz at googlemail.com
Sun Dec 15 18:04:25 CET 2024
The srktool option -c does not allow spaces between certificate
filenames. Only commas (',') should separate the filenames. If spaces
are incorrectly included, srktool will not display an error or warning
message but will only process the first certificate in the list.
So adapt documentation accordingly.
Signed-off-by: Christoph Fritz <chf.fritz at googlemail.com>
---
doc/imx/habv4/introduction_habv4.txt | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/doc/imx/habv4/introduction_habv4.txt b/doc/imx/habv4/introduction_habv4.txt
index 25711bbe95a..53c54b2a88f 100644
--- a/doc/imx/habv4/introduction_habv4.txt
+++ b/doc/imx/habv4/introduction_habv4.txt
@@ -240,16 +240,17 @@ root of trust is established and the HAB code can progress with the image
authentication.
The srktool can be used for generating the SRK Table and its respective SRK
-Table Hash.
+Table Hash (certificate filenames must be separated by ',' with no spaces).
- Generating SRK Table and SRK Hash in Linux 64-bit machines:
+ $ CERTS="SRK1_sha256_2048_65537_v3_ca_crt.pem"
+ $ CERTS="$CERTS,SRK2_sha256_2048_65537_v3_ca_crt.pem"
+ $ CERTS="$CERTS,SRK3_sha256_2048_65537_v3_ca_crt.pem"
+ $ CERTS="$CERTS,SRK4_sha256_2048_65537_v3_ca_crt.pem"
+
$ ../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e \
- SRK_1_2_3_4_fuse.bin -d sha256 -c \
- SRK1_sha256_2048_65537_v3_ca_crt.pem,\
- SRK2_sha256_2048_65537_v3_ca_crt.pem,\
- SRK3_sha256_2048_65537_v3_ca_crt.pem,\
- SRK4_sha256_2048_65537_v3_ca_crt.pem
+ SRK_1_2_3_4_fuse.bin -d sha256 -c "$CERTS"
The SRK_1_2_3_4_table.bin and SRK_1_2_3_4_fuse.bin files can be used in further
steps as explained in HAB guides available under doc/imx/habv4/guides/
--
2.39.5
More information about the U-Boot
mailing list