Visitor II
November 5, 2020
Solved

Key format for secure boot

Hi, I'm trying to generate secure boot keys using native Linux tools. I assumed the secureboot format would be documented, but all I found was links to STM32MP_KeyGen.

I can use openssl to generate ECDSA keys, and also get public keys out. I am at the point where I can take the private key from STM32MP_KeyGen, and convert it to a public key:

openssl ec -in private-key.pem -pubout -out public-key.pem

However, what I can't figure out is how to get the SHA256 hash of the public key in a way that I can burn in the OTP fuses. openssl hash functions give a different result than the one generated by STM32MP_KeyGen. What is the format that the chip expects?

    1 reply

    mrnuke (Author, Answer)
    Visitor II
    November 12, 2020

    Okay, I figured it out. Rather than try to explain it, I'll post the source code:

    https://github.com/mrnuke/stm32mp-keygen/