1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
option (ENABLE_SECURE_BOOT "Build signed binary for Secure Boot" OFF)
if (ENABLE_SECURE_BOOT)
message(STATUS "Secure boot enabled")
# NXP CST utility
set(CST_PATH "" CACHE PATH "NXP Code Signing Tool (CST) utility exec. path. PATH lookup if not specified.")
if (NOT CST_PATH)
message(STATUS "Using NXP CST utility from PATH")
else ()
message(STATUS "Using NXP CST utility path: ${CST_PATH}")
endif ()
# NXP elftosb utility
set(ELFTOSB_PATH "" CACHE FILEPATH "NXP elftosb utility exec. path. PATH lookup if not specified.")
if (NOT ELFTOSB_PATH)
message(STATUS "Using NXP elftosb utility from PATH")
else ()
message(STATUS "Using NXP elftosb utility path: ${ELFTOSB_PATH}")
endif ()
# SRK table
set(SRK_TABLE "" CACHE FILEPATH "Super Root Key (SRK) table in a binary form (generated by NXP srktool)")
if (NOT SRK_TABLE)
message(FATAL_ERROR "SRK_TABLE not specified (required for Secure Boot)")
endif ()
# SRK index
set(SRK_INDEX "" CACHE STRING "SRK key index in the SRK table (0-3)")
if (NOT SRK_INDEX)
set(SRK_INDEX "0" CACHE STRING "" FORCE)
endif ()
# CSF key
set(CSF_KEY "" CACHE FILEPATH "CSF key in PEM format for CSF authentication")
if (NOT CSF_KEY)
message(FATAL_ERROR "CSF_KEY not specified (required for Secure Boot)")
endif ()
# IMG key
set(IMG_KEY "" CACHE FILEPATH "IMG key in PEM format for image authentication")
if (NOT IMG_KEY)
message(FATAL_ERROR "IMG_KEY not specified (required for Secure Boot)")
endif ()
message(STATUS "Using SRK table: ${SRK_TABLE}")
message(STATUS "Using SRK index: ${SRK_INDEX}")
message(STATUS "Using CSF key: ${CSF_KEY}")
message(STATUS "Using IMG key: ${IMG_KEY}")
configure_file(
${CMAKE_SOURCE_DIR}/config/imx_authenticated_hab.cmake_template
${CMAKE_BINARY_DIR}/imx_authenticated_hab.bd
)
endif ()