Approved version. Approved on: 10:15, 11 July 2022
You are viewing an old version of this page. Return to the latest version.
- Last edited 2 weeks ago ago
How to perform Secure Boot from Distribution package
Revision as of 10:15, 11 July 2022 by Bernard Puel (talk | contribs)
Contents
1 Article purpose[edit]
The purpose of this article is to explain how to perform a secure boot on a STM32MP device with Distribution package.
To perform this use-case you need to:
- Create signature key with KeyGen tool (if is not already done)
- Put signature key on STM32MP (if is not already done)
- Compile a Distribution package with signed FIP
- Sign first stage bootloader binaries with Signing tool
- Create FlashLayout for signed binaries
- Program and test
- Close the device (if is not already done)
These steps are not reversible (you cannot reproduce in reverse).
2 Creating signature key[edit]
For perform Secure Boot, you need to have binaries signed which a specific signature key.
If this signature key is already present STM32MP device, go directly to Distribution package with signed FIP.
For creating signature key, we need to use STM32MP KeyGen CLI Tool.
See KeyGen tool page for installation and command line options.
The minimal command to use is
STM32MP_KeyGen_CLI -abs <output directory> -pwd <password> -n <number of key>
With:
- <output directory> = patch to the generated private and public key files (privateKey.pem and publicKey*.pem)
- <password> = Password of the private key. The password must contain 4 characters at least.
- <number of key> = number of key pairs, 1 for STM32MP15 or 8 for stm32MP13
2.1 Creating signature key for STM32MP15x lines 
[edit]
STM32MP15x lines device support only one couple of Signature key (Public key / Private Key)
Example:
STM32MP_KeyGen_CLI -abs stm32mp15-key/ -pwd azerty -n 1
-------------------------------------------------------------------
STM32MP Key Generator v1.0.0
-------------------------------------------------------------------
Prime256v1 curve is selected.
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 0 generated successfully.
+ public key: /tmp/key/publicKey00.pem
+ private key: /tmp/key/privateKey00.pem
+ public hash key: /tmp/key/publicKeyHash00.bin
------------------------------------------------------------
Hash of table of Hash of {algorithm + public Key} file generated successfully.
+ Hash Hash: /tmp/key/publicKeysHashHashes.bin
2.2 Creating signature key for STM32MP13x lines [edit]
STM32MP13x lines device support 8 couples of Signature key (Public key / Private Key)
Example:
STM32MP_KeyGen_CLI -abs stm32mp13-key/ -pwd azerty -n 8
-------------------------------------------------------------------
STM32MP Key Generator v1.0.0
-------------------------------------------------------------------
Prime256v1 curve is selected.
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 0 generated successfully.
+ public key: /tmp/key/publicKey00.pem
+ private key: /tmp/key/privateKey00.pem
+ public hash key: /tmp/key/publicKeyHash00.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 1 generated successfully.
+ public key: /tmp/key/publicKey01.pem
+ private key: /tmp/key/privateKey01.pem
+ public hash key: /tmp/key/publicKeyHash01.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 2 generated successfully.
+ public key: /tmp/key/publicKey02.pem
+ private key: /tmp/key/privateKey02.pem
+ public hash key: /tmp/key/publicKeyHash02.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created must be signed with
Keys packet 3 generated successfully.
+ public key: /tmp/key/publicKey03.pem
+ private key: /tmp/key/privateKey03.pem
+ public hash key: /tmp/key/publicKeyHash03.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 4 generated successfully.
+ public key: /tmp/key/publicKey04.pem
+ private key: /tmp/key/privateKey04.pem
+ public hash key: /tmp/key/publicKeyHash04.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 5 generated successfully.
+ public key: /tmp/key/publicKey05.pem
+ private key: /tmp/key/privateKey05.pem
+ public hash key: /tmp/key/publicKeyHash05.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 6 generated successfully.
+ public key: /tmp/key/publicKey06.pemsoc
+ private key: /tmp/key/privateKey06.pem
+ public hash key: /tmp/key/publicKeyHash06.bin
------------------------------------------------------------
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Private key PEM file created
Public key PEM file created
public key hash file created
Keys packet 7 generated successfully.
+ public key: /tmp/key/publicKey07.pem
+ private key: /tmp/key/privateKey07.pem
+ public hash key: /tmp/key/publicKeyHash07.bin
------------------------------------------------------------
Hash of table of Hash of {algorithm + public Key} file generated successfully.
+ Hash Hash: /tmp/key/publicKeysHashHashes.bin
3 Put signature key on STM32MP[edit]
3.1 Put hash key on device for STM32MP15x lines [edit]
To manually put the key on STM32MP device with U-Boot stm32key command, you need to:
- Put the hash key file (publicKeyhash.bin), generated on previous section, on bootfs partition
- Boot the board and stop on U-Boot console
- Load hash public key in DDR
for example, the hash key file is located on 8th partition of sdcard:
load mmc 0:8 0xc0000000 publicKeyhash.bin
- Register hash public key
stm32key fuse 0xc0000000
For more information, see How to use U-Boot stm32key command.
3.2 Put hash key on device for STM32MP13x lines [edit]
To manually put the key on STM32MP device with U-Boot stm32key command, you need to:
- Put the hash key file (publicKeysHashHashes.bin), generated on previous section, on bootfs partition
- Boot the board and stop on U-Boot console
- Load hash public key in DDR
for example, the hash key file is located on 8th partition of sdcard:
load mmc 0:8 0xc0000000 publicKeysHashHashes.bin
- Register hash public key
stm32key fuse 0xc0000000
For more information, see How to use U-Boot stm32key command.
4 Distribution package with signed FIP[edit]
4.1 Pre-requisite[edit]
- Having Signature Key (Public Key(s), Private Key(s), Hash key file, password)
- Having get the STM32MP1 Distribution Package
4.2 Generate Distribution package with signed binaries[edit]
- source the environment of Distribution package
source layers/meta-st/scripts/envsetup.sh
Select your DISTRO and your machine
- Indicate where to found your Signature key
(in this example we are put the signature key on meta-st-stm32mp layer on key directory)
Add the following lines on your local.conf (on build directory)
For ST32MP15:
echo 'FIP_SIGN_KEY = "key/stm32mp15/privateKey.pem" ' >> conf/local.conf echo 'FIP_SIGN_KEY_EXTERNAL = "1" ' >> conf/local.conf echo 'FIP_SIGN_KEY_PASS = "<password of signature key>" ' >> conf/local.conf echo 'TF_A_SIGN_ENABLE = "1" ' >> conf/local.conf
For ST32MP13:
echo 'FIP_SIGN_KEY = "key/stm32mp13/privateKey00.pem" ' >> conf/local.conf echo 'FIP_SIGN_KEY_EXTERNAL = "1" ' >> conf/local.conf echo 'FIP_SIGN_KEY_PASS = "<password of signature key>" ' >> conf/local.conf echo 'TF_A_SIGN_ENABLE = "1" ' >> conf/local.conf
Request to sign the FIP file generated:
echo 'FIP_SIGN_ENABLE = "1" ' >> conf/local.conf
- Compile your binaries
bitbake st-image-weston
On tmp-glibc/deploy/images/<machine name>/fip/ you will found the FIP file signed ready to be programmed on board.
5 Sign first stage bootloader binaries[edit]
The first stage bootloader binaries = TF-A BL2 are generated unsigned; we need to sign it manually with STM32MP_SigningTool_CLI.
For installation and command line options see Signing tool.
This tools is used to sign a binary with STM32 header, with the minimal options to sign the FSBL binary is:
STM32MP_SigningTool_CLI -pubk <public key> -prvk <private key> -pwd <password> -t fsbl -of <Option_Flags> -bin FSBL binary not signed>.stm32 -o <FSBL binary signed>.stm32
with:
- <public key>= the path of the Private key files generated by KeyGen: publicKey*.pem, 1 for STM32MP15 and 8 for STM32MP13
- <private key> = the path of the Public key file generated by KeyGen: privateKey.pem
- <password> = pasword used by KeyGen to protect the key files
- <Option_Flags> = the -of option is required only for STM32MP13, with 0x00000001 value
5.1 Signing first stage bootloader binaries for STM32MP15x lines [edit]
For SDCARD:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-sdcard.stm32 -o arm-trusted-firmware/tf-a-<board name>-sdcard_Signed.stm32
For EMMC:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-emmc.stm32 -o arm-trusted-firmware/tf-a-<board name>-emmc_Signed.stm32
For NAND:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-nand.stm32 -o arm-trusted-firmware/tf-a-<board name>-nand_Signed.stm32
For NOR:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-nor.stm32 -o arm-trusted-firmware/tf-a-<board name>-nor_Signed.stm32
For USB (used with STM32CubeProgrammer):
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-usb.stm32 -o arm-trusted-firmware/tf-a-<board name>-usb_Signed.stm32
For UART (used with STM32CubeProgrammer):
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp15/publicKey.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey.pem -pwd <password> -t ssbl -bin arm-trusted-firmware/tf-a-<board name>-uart.stm32 -o arm-trusted-firmware/tf-a-<board name>-uart_Signed.stm32
5.2 Signing first stage bootloader binaries for STM32MP13x lines [edit]
For SDCARD:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp15/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-sdcard.stm32 -o arm-trusted-firmware/tf-a-<board name>-sdcard_Signed.stm32
For EMMC:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp13/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-emmc.stm32 -o arm-trusted-firmware/tf-a-<board name>-emmc_Signed.stm32
For NAND:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp13/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-nand.stm32 -o arm-trusted-firmware/tf-a-<board name>-nand_Signed.stm32
For NOR:
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp13/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-nor.stm32 -o arm-trusted-firmware/tf-a-<board name>-nor_Signed.stm32
For USB (used with STM32CubeProgrammer):
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp13/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-usb.stm32 -o arm-trusted-firmware/tf-a-<board name>-usb_Signed.stm32
For UART (used with STM32CubeProgrammer):
STM32MP_SigningTool_CLI -pubk <path to meta-st-stm32mp>key/stm32mp13/publicKey*.pem -prvk <path to meta-st-stm32mp>key/stm32mp13/privateKey00.pem -pwd <password> -t ssbl -of 0x00000001 -bin arm-trusted-firmware/tf-a-<board name>-uart.stm32 -o arm-trusted-firmware/tf-a-<board name>-uart_Signed.stm32
6 Create FlashLayout for signed binaries[edit]
To populate the correct binaries on the board, you need to create a FlashLayout file with the signed binaries:
- FSBL = tf-a-*_Signed.stm32
- FIP = fip-*.bin
Example for FlashLayout_sdcard_stm32mp157f-dk2-optee.tsv:
#Opt Id Name Type IP Offset Binary - 0x01 fsbl-boot Binary none 0x0 arm-trusted-firmware/tf-a-stm32mp157f-dk2-usb.stm32 - 0x03 fip-boot FIP none 0x0 fip/fip-stm32mp157f-dk2-optee.bin P 0x04 fsbl1 Binary mmc0 0x00004400 arm-trusted-firmware/tf-a-stm32mp157f-dk2-sdcard.stm32 P 0x05 fsbl2 Binary mmc0 0x00044400 arm-trusted-firmware/tf-a-stm32mp157f-dk2-sdcard.stm32 P 0x06 metadata1 Binary mmc0 0x00084400 arm-trusted-firmware/metadata.bin P 0x07 metadata2 Binary mmc0 0x000C4400 arm-trusted-firmware/metadata.bin P 0x08 fip-a FIP mmc0 0x00104400 fip/fip-stm32mp157f-dk2-optee.bin PED 0x09 fip-b FIP mmc0 0x00504400 none PED 0x0A u-boot-env Binary mmc0 0x00904400 none P 0x10 bootfs System mmc0 0x00984400 st-image-bootfs-openstlinux-weston-stm32mp1.ext4 P 0x11 vendorfs FileSystem mmc0 0x04984400 st-image-vendorfs-openstlinux-weston-stm32mp1.ext4 P 0x12 rootfs FileSystem mmc0 0x05984400 st-image-weston-openstlinux-weston-stm32mp1.ext4 P 0x13 userfs FileSystem mmc0 0x33984400 st-image-userfs-openstlinux-weston-stm32mp1.ext4
You need to update the fsbl1-boot, fip-boot, fsbl1, fsbl2 and fip partitions.
Result:
#Opt Id Name Type IP Offset Binary - 0x01 fsbl-boot Binary none 0x0 arm-trusted-firmware/tf-a-stm32mp157f-dk2-usb_Signed.stm32 - 0x03 fip-boot FIP none 0x0 fip/fip-stm32mp157f-dk2-optee_Signed.bin P 0x04 fsbl1 Binary mmc0 0x00004400 arm-trusted-firmware/tf-a-stm32mp157f-dk2- sdcard_Signed.stm32 P 0x05 fsbl2 Binary mmc0 0x00044400 arm-trusted-firmware/tf-a-stm32mp157f-dk2- sdcard_Signed.stm32 P 0x06 metadata1 Binary mmc0 0x00084400 arm-trusted-firmware/metadata.bin P 0x07 metadata2 Binary mmc0 0x000C4400 arm-trusted-firmware/metadata.bin P 0x08 fip-a FIP mmc0 0x00104400 fip/fip-stm32mp157f-dk2-optee_Signed.bin PED 0x09 fip-b FIP mmc0 0x00504400 none PED 0x0A u-boot-env Binary mmc0 0x00904400 none P 0x10 bootfs System mmc0 0x00984400 st-image-bootfs-openstlinux-weston-stm32mp1.ext4 P 0x11 vendorfs FileSystem mmc0 0x04984400 st-image-vendorfs-openstlinux-weston-stm32mp1.ext4 P 0x12 rootfs FileSystem mmc0 0x05984400 st-image-weston-openstlinux-weston-stm32mp1.ext4 P 0x13 userfs FileSystem mmc0 0x33984400 st-image-userfs-openstlinux-weston-stm32mp1.ext4
7 Program and test[edit]
To populate the correct binaries on the board with STM32CubeProgrammer, you need to use the previous FlashLayout file with the signed binaries.
At boot time on board, you must check the two level of the secure boot: the ROM code secure boot validation and the TF-A BL2 trusted board boot validation.
8 Close the device[edit]
For more information, see How to secure STM32 MPU.
In U-Boot console:
stm32key close
For more information, see How to use U-Boot stm32key command.
As soon as the device is closed, and it is irreversible operation, the user is forced to use only signed images.