Overview

Firmware bundle build with Barebox, ATF, IMX Firmware and OPTEE (optional). The bundle is packaged as a Rauc archive for simple install.

Build

$ make clean; make

The IMX Code Signing Tool (cst) must be installed and at version >= 3.3.2.

$ make clean; make OTPEE=1

If not using a HSM (pkcs11), the signing keys passphrase may be decrypted using

Uses cst/keys/key_pass.txt (Must be encrypted at rest) After build is completed, remember to delete the key_pass.txt file.

Certificate and key gathered from environment, example using PKCS11:

$ export RAUC_KEY_FILE="pkcs11:token=XXXX;object=rauc-prod"
$ export RAUC_CERT_FILE=XXX.pem

ID	Type (S/V)	Comment
CST_KEY	S	CST passphrase, repeated twice in key_pass.txt
RAUC_KEY	S	OpenSSL signing key
RAUC_CERT	V	OpenSSL signing certificate
REPO_TOKEN	S	Fine grained PAS covering subrepos

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
barebox @ 17d1435		barebox @ 17d1435
image-signer		image-signer
imx-atf @ 8dbe286		imx-atf @ 8dbe286
imx-optee-os @ e0a3e77		imx-optee-os @ e0a3e77
.gitignore		.gitignore
.gitmodules		.gitmodules
0001-Add-support-for-paramters.patch		0001-Add-support-for-paramters.patch
Makefile		Makefile
README.md		README.md
habsetup.sh		habsetup.sh
manifest.raucm.in		manifest.raucm.in