How to sign and encrypt a normal bootstream for Secure Boot?

Document created by Harshit.Gaharwar Employee on Jun 15, 2015
Version 1Show Document
  • View in full screen mode

The Normal boot stream can be signed and encrypted using the Signtool utility. The Signtool utility expects the input boot stream/keys to be in binary format and then generates a signed/encrypted image also in binary format. Following 3 modes are supported:

1. BLp

"C:\Analog Devices\CrossCore Embedded Studio 1.1.0\signtool.exe" sign -type BLp -prikey keypair.bin -infile Normal_Bootstream.ldr -outfile BLp_Secure_Bootstream.ldr

2. BLx

"C:\Analog Devices\CrossCore Embedded Studio 1.1.0\signtool.exe" sign -type BLx -prikey keypair.bin -enckey encrypt_key.bin -infile Normal_Bootstream.ldr -outfile BLx_Secure_Bootstream.ldr

3. BLw

"C:\Analog Devices\CrossCore Embedded Studio 1.1.0\signtool.exe" sign -type BLw -prikey keypair.bin -enckey encrypt_key.bin -wrapkey wrapper_key.bin -infile Normal_Bootstream.ldr -outfile BLw_Secure_Bootstream.ldr

Attachments

    Outcomes