How to generate secure loader stream in the formats Blp, Blx and Blw?
[edited by: JValeriani at 7:26 PM (GMT 0) on 3 Sep 2019]
CCES provides the signtool utility to generate secure boot streams in the Blp, Blx or Blw formats. Sample commands are given below. The same tool also has options to generate the ECDSA key pair and the encryption keys.
Generation of Blp boot loader stream:
"<CCES installation path>\signtool.exe" sign -type BLp -attribute 0x80000002=<BCODE value> -attribute 0x80000003=<give 256 or 224 here based on the ECDSA type> -prikey <ecdsa keypair.der> -infile <input loader stream file to be signed> -outfile <output file path>
Generation of Blw boot loader stream:
"<CCES installation path>\signtool.exe" sign -type BLw -prikey <ecdsa keypair.der> -infile <input loader stream file to be signed> -enckey <encryption key.bin> -wrapkey <wrapkey.bin> -outfile <output file path>
For a complete list of the options supported by this tool, use the help option as shown below:
"<CCES installation path>\signtool.exe" -help