auth_params - 2022.1 English

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2022-04-26
Version
2022.1 English

Syntax

[auth_params] ppk_select=<0|1>; spk_id <32-bit spk id>;/
 spk_select=<spk-efuse/user-efuse>; auth_header

Description

Authentication parameters specify additional configuration such as which PPK, SPK to use for authentication of the partitions in the boot image. Arguments for this bif parameter are:

  • ppk_select: Selects which PPK to use. Options are 0 (default) or 1.
  • spk_id: Specifies which SPK can be used or revoked. See User eFUSE Support with Enhanced RSA Key Revocation. The default value is 0x00.
  • spk_select: To differentiate spk and user efuses. Options are spk-efuse (default) and user_efuse.
  • header_auth: To authenticate headers when no partition is authenticated.
Note:
  1. ppk_select is unique for each image.
  2. Each partition can have its own spk_select and spk_id.
  3. spk-efuse id is unique across the image, but user-efuse id can vary between partitions.
  4. spk_select/spk_id outside the partition scope will be used for headers and any other partition that does not have these specifications as partition attributes.

Example

Sample BIF 1 - test.bif

all:
{
	[auth_params]ppk_select=0;spk_id=0x4
	[pskfile] primary.pem
	[sskfile]secondary.pem 
	[bootloader, authentication=rsa]fsbl.elf
}

Sample BIF 2 - test.bif

all:                                                          
{                                                             
	[auth_params] ppk_select=0;spk_select=user-efuse;spk_id=0x22
	[pskfile]     primary.pem                                   
	[sskfile]     secondary.pem                                 
	[bootloader, authentication = rsa] fsbl.elf                                                  
}

Sample BIF 3 - test.bif

all:                                                      
{                                                         
  	[auth_params] ppk_select=1; spk_select= user-efuse; spk_id=0x22; header_auth   
  	[pskfile]     primary.pem                               
  	[sskfile]     secondary.pem                             
  	[destination_cpu=a53-0] test.elf                        
}

Sample BIF 4 - test.bif

all:                                                           
{                                                              
  	[auth_params]  ppk_select=1;spk_select=user-efuse;spk_id=0x22
  	[pskfile]      primary.pem                                   
  	[sskfile]      secondary0.pem                                
                                                               
  /* FSBL - Partition-0) */                                     
   [                                                            
	bootloader,                                                
	destination_cpu   = a53-0,                                 
	authentication    = rsa,                                   
	spk_id            = 0x3,                            
	spk_select        = spk-efuse,                             
	sskfile           = secondary1.pem                         
   ] fsbla53.elf                                                 
                                                               
  /* Partition-1 */                                             
   [                                                            
     destination_cpu    = a53-1,                                
     authentication     = rsa,                                  
     spk_id             = 0x24,                                 
     spk_select         = user-efuse,                           
     sskfile            = secondary2.pem                        
   ] hello.elf                                                   
}