authorAndrei Narkevitch <ainh@cypress.com>2020-03-24 09:46:58 -0700
committerDavid Hu <david.hu@arm.com>2020-09-24 02:47:44 +0000
commit16c5861f4062f441de34de4d4037b6ab9bf7552f (patch)
tree7d71aa5f4641c1caaa225732485b1765396056c7
parent1ce0e300d52cdba3da8c7fa0e1937300111f6e41 (diff)
Platform PSoC64: Update policies to use different keys for SPE and NSPE
- Use different keys to sign tfm_s and tfm_ns images - Provided more details for signing keys commands shortcuts in keys/readme.rst Signed-off-by: Andrei Narkevitch <ainh@cypress.com> Change-Id: Ifb45dc28c8b1e168c49b40d23ba673df0d1c579f
-rw-r--r--platform/ext/target/cypress/psoc64/security/keys/readme.rst27
-rw-r--r--platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json12
2 files changed, 30 insertions, 9 deletions
diff --git a/platform/ext/target/cypress/psoc64/security/keys/readme.rst b/platform/ext/target/cypress/psoc64/security/keys/readme.rst
index de80f3d16d..3b9afee3bc 100644
--- a/platform/ext/target/cypress/psoc64/security/keys/readme.rst
+++ b/platform/ext/target/cypress/psoc64/security/keys/readme.rst
@@ -1,4 +1,25 @@
-Signing keys:
+##################
+Image signing keys
+##################
-MCUBOOT_CM0P_KEY.json - private OEM key for signing CM0P image
-USERAPP_CM4_KEY.json - private OEM key for signing CM4 image
+TFM_S_KEY.json - private OEM key for signing CM0P image
+TFM_S_KEY_PRIV.pem - private OEM key for signing CM0P image in PEM format
+TFM_NS_KEY.json - private OEM key for signing CM4 image
+TFM_NS_KEY_PRIV.pem - private OEM key for signing CM4 image in PEM format
+
+
+Use cysecuretools to generate the key pairs defined by the policy file, for example:
+
+.. code-block:: bash
+ cd platform/ext/target/cypress/psoc64/security
+ cysecuretools -t cy8ckit-064b0s2-4343w init
+ cysecuretools -t cy8ckit-064b0s2-4343w -p policy_multi_img_CM0p_CM4_debug_2M.json create-keys
+
+
+Signing keys have to be provisioned to the board:
+
+.. code-block:: bash
+ cysecuretools -t cy8ckit-064b0s2-4343w -p policy_multi_img_CM0p_CM4_debug_2M.json re-provision-device
+
+
+Please refer to cysecuretools documentation and cypress_psoc64_spec.rst for more details.
diff --git a/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
index b71553b60d..a8fe65a7ff 100644
--- a/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
+++ b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
@@ -94,10 +94,10 @@
},
{
"boot_auth": [
- 8
+ 6
],
"boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 6, "key": "./keys/TFM_S_KEY.json" }
],
"id": 1,
"monotonic": 0,
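Review bot: Moving image `"id": 1` from kid 8 / USERAPP_CM4_KEY.json to `{ "kid": 6, "key": "./keys/TFM_S_KEY.json" }` means a board still provisioned with the previous policy would presumably reject a tfm_s image signed with the new key until it is re-provisioned, and the policy itself cannot say so because JSON has no comments. The same applies to `upgrade_auth`/`upgrade_keys` in the @@ -111 hunk and to the kid 8 entries in the @@ -135 and @@ -152 hunks, where the slot number stays but the key file changes. I would state this in keys/readme.rst, e.g. `Boards provisioned with an earlier policy must be re-provisioned before images signed with TFM_S_KEY/TFM_NS_KEY will boot.` It is also worth confirming that kid 6 is not already assigned to another key elsewhere in the policy; the enclosing image object starts and ends outside this hunk.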
@@ -111,10 +111,10 @@
"encrypt_key_id": 1,
"encrypt_peer": "./keys/dev_pub_key.pem",
"upgrade_auth": [
- 8
+ 6
],
"upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 6, "key": "./keys/TFM_S_KEY.json" }
],
"backup": false,
"resources": [
@@ -135,7 +135,7 @@
8
],
"boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 8, "key": "./keys/TFM_NS_KEY.json" }
],
"id": 16,
"monotonic": 0,
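Review bot: `./keys/TFM_NS_KEY.json` (and `./keys/TFM_S_KEY.json` in the earlier hunks) is described in keys/readme.rst as a private OEM key, so the policy now names two private-key files that live inside the source tree. If those files are ever committed, they are public, and the SPE/NSPE key separation this commit introduces then only holds for development boards; the page does not show whether they are tracked or ignored. I would add a line to the readme such as `Keys generated here are for development only; do not commit them, and generate production keys outside the source tree.` The enclosing image object continues outside this hunk.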
@@ -152,7 +152,7 @@
8
],
"upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 8, "key": "./keys/TFM_NS_KEY.json" }
],
"backup": false,
"resources": [