RuzTEE images
Clone the repository:
git clone --recursive https://github.com/Zondax/buildroot-zondax.git
cd buildroot-zondax
if you forgot to add --recursive
then:
git submodule update --recursive
git submodule init
Generating Keys
Command | Description |
---|---|
make genkeys-optee |
Generates OPTEE keys(stm/imx) |
make genkeys-uboot |
Generates UBOOT keys(stm) |
make genkeys-tfa |
Generates TFA keys(stm) |
make genkeys |
Generates all keys |
These keys will be generated and placed in the corresponding directories (relative to this file), only if there are not keys.
The keys for the iMX8MMevk are generated by the build process.
and placed in the corresponding directory.
Keys | Description |
---|---|
OPTEE | ./keys/optee_keys |
UBOOT | ./keys/uboot_keys |
TFA | ./keys/tfa_keys |
you can also use make showkeys
to list the existing keys and locations
Building
This repository contains three different configurations
Qemu
make zondaxtee_qemu_defconfig
make
to start Qemu, you should run
make start-qemu-host
To exit, you can use CTRL+A X
iMX8MMevk
make zondaxtee_imx8mmevk_defconfig
make
STM32MP157
BUILDROOT=st make zondaxtee_stm32mp157_dk2_defconfig
BUILDROOT=st make
Signing images
The images are signed by default, the last step is to burn the corresponding keys on each board(stm/imx) and close the device, so that it only boots images that were signed with the keys created above. This step is very sensitive so refer to our web documentation for more detail on how to do that.