author | Andrei Narkevitch <ainh@cypress.com> | 2020-03-24 09:46:58 -0700 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2020-09-24 02:47:44 +0000 |
commit | 16c5861f4062f441de34de4d4037b6ab9bf7552f (patch) | |
tree | 7d71aa5f4641c1caaa225732485b1765396056c7 /platform | |
parent | 1ce0e300d52cdba3da8c7fa0e1937300111f6e41 (diff) | |
download | trusted-firmware-m-16c5861f4062f441de34de4d4037b6ab9bf7552f.tar.gz |
Platform PSoC64: Update policies to use different keys for SPE and NSPE
- Use different keys to sign tfm_s and tfm_ns images
- Provided more details for signing keys commands shortcuts in keys/readme.rst
Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: Ifb45dc28c8b1e168c49b40d23ba673df0d1c579f
Diffstat (limited to 'platform')
-rw-r--r-- | platform/ext/target/cypress/psoc64/security/keys/readme.rst | 27 | ||||
-rw-r--r-- | platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json | 12 |
2 files changed, 30 insertions, 9 deletions
diff --git a/platform/ext/target/cypress/psoc64/security/keys/readme.rst b/platform/ext/target/cypress/psoc64/security/keys/readme.rst
index de80f3d16d..3b9afee3bc 100644
--- a/platform/ext/target/cypress/psoc64/security/keys/readme.rst
+++ b/platform/ext/target/cypress/psoc64/security/keys/readme.rst
@@ -1,4 +1,25 @@
-Signing keys:
+##################
+Image signing keys
+##################

-MCUBOOT_CM0P_KEY.json - private OEM key for signing CM0P image
-USERAPP_CM4_KEY.json - private OEM key for signing CM4 image
+TFM_S_KEY.json - private OEM key for signing CM0P image
+TFM_S_KEY_PRIV.pem - private OEM key for signing CM0P image in PEM format
+TFM_NS_KEY.json - private OEM key for signing CM4 image
+TFM_NS_KEY_PRIV.pem - private OEM key for signing CM4 image in PEM format
+
+
+Use cysecuretools to generate the key pairs defined by the policy file, for example:
+
+.. code-block:: bash
+ cd platform/ext/target/cypress/psoc64/security
+ cysecuretools -t cy8ckit-064b0s2-4343w init
+ cysecuretools -t cy8ckit-064b0s2-4343w -p policy_multi_img_CM0p_CM4_debug_2M.json create-keys
+
+
+Signing keys have to be provisioned to the board:
+
+.. code-block:: bash
+ cysecuretools -t cy8ckit-064b0s2-4343w -p policy_multi_img_CM0p_CM4_debug_2M.json re-provision-device
+
+
+Please refer to cysecuretools documentation and cypress_psoc64_spec.rst for more details.
diff --git a/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
index b71553b60d..a8fe65a7ff 100644
--- a/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
+++ b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
@@ -94,10 +94,10 @@
},
{
"boot_auth": [
- 8
+ 6
],
"boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 6, "key": "./keys/TFM_S_KEY.json" }
],
"id": 1,
"monotonic": 0,
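Review bot: `boot_keys` for image `id` 1 now loads `./keys/TFM_S_KEY.json`, which the readme in this commit describes as a private OEM signing key, from a path inside the source tree; the same holds for `upgrade_keys` in the hunk at -111 and for `./keys/TFM_NS_KEY.json` in the hunks at -135 and -152. Using separate SPE and NSPE keys only limits the impact of a leaked key if the two private keys are stored and access-controlled separately, and nothing visible in this change keeps the generated files out of version control. Because the policy is strict JSON and cannot carry a comment, I would add a line to keys/readme.rst along the lines of `The generated *_KEY.json and *_PRIV.pem files are private keys: do not commit them, and store the SPE and NSPE keys separately.` The policy object that holds these entries starts and ends outside the hunk, so the remaining fields of the entry were not reviewed.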
@@ -111,10 +111,10 @@
"encrypt_key_id": 1,
"encrypt_peer": "./keys/dev_pub_key.pem",
"upgrade_auth": [
- 8
+ 6
],
"upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 6, "key": "./keys/TFM_S_KEY.json" }
],
"backup": false,
"resources": [
@@ -135,7 +135,7 @@
8
],
"boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 8, "key": "./keys/TFM_NS_KEY.json" }
],
"id": 16,
"monotonic": 0,
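Review bot: `kid` 8 is kept for image `id` 16 while the key file behind it changes from `./keys/USERAPP_CM4_KEY.json` to `./keys/TFM_NS_KEY.json` (also in `upgrade_keys` in the hunk at -152), so the same key ID now names different key material than under the previous policy. A board still provisioned from the earlier policy would presumably reject images signed with the new key, and the ID alone no longer tells an operator which key a device holds. The readme in this commit says keys have to be provisioned, but not that already-provisioned boards are affected; I would state that explicitly, e.g. `Boards provisioned with the previous policy must be re-provisioned before images signed with TFM_S_KEY/TFM_NS_KEY will be accepted.` The enclosing policy entry is only partly visible in this hunk.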
@@ -152,7 +152,7 @@
8
],
"upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ { "kid": 8, "key": "./keys/TFM_NS_KEY.json" }
],
"backup": false,
"resources": [