Firmware bundle build with Barebox, ATF, IMX Firmware and OPTEE (optional). The bundle is packaged as a Rauc archive for simple install.
Make sure the following is installed: flex, bison, libssl-dev, libusb-1.0-0-dev, imx-code-signing-tool, pkg-config And of course a compiler for aarch64
make clean; make
The IMX Code Signing Tool (cst) must be installed and at version >= 3.3.2.
$ make clean; make OPTEE=1
If not using a HSM (pkcs11), the signing keys passphrase may be decrypted using
Uses cst/keys/key_pass.txt (Must be encrypted at rest) After build is completed, remember to delete the key_pass.txt file.
Certificate and key gathered from environment, example using PKCS#11:
export RAUC_KEY_FILE="pkcs11:token=XXXX;object=rauc-prod"
export RAUC_CERT_FILE=XXX.pem
| ID | Type (S/V) | Comment |
|---|---|---|
| CST_KEY | S | CST passphrase, repeated twice in key_pass.txt |
| RAUC_KEY | S | OpenSSL signing key |
| RAUC_CERT | V | OpenSSL signing certificate |
| REPO_TOKEN | S | Fine grained PAS covering subrepos |