[firmware] # raw = "../lpc55-secure-config/example-app.bin" # signed = "./hopefully-example-bin-signed.bin" # secure_boot = "./example-app.sb2" image = "example-binaries/blinky-red-bee.bin" signed-image = "example-binaries/blinky-red-signed.bin2" secure-boot-image = "example-binaries/blinky-red.sb2" build = 1 component = "0.0.0" product = "0.0.0" [pki] signing-key = "file:example-file-certs/ca_private_key_0.pem" # signing-key = "pkcs11:serial=DECC0401648;object=lpc55-host-dev-ca-0;type=private?module-path=/usr/lib/onepin-opensc-pkcs11.so&pin-value=123456" # signing-key = "pkcs11:object=lpc55-host-dev-ca-0;type=private?module-path=/usr/lib/opensc-pkcs11.so&pin-value=123456" # D826E2FD 44F5C254 BC58C62E BF96A938 95C19DC2 25810C95 C8B9E6FD 9F7CC9CB certificates = [ "file:example-file-certs/ca_certificate_0.der", "file:example-file-certs/ca_certificate_1.der", "file:example-file-certs/ca_certificate_2.der", "file:example-file-certs/ca_certificate_3.der", ] # 6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0 # certificates = [ # "lpc55-host-dev-ca-0.der", # "lpc55-host-dev-ca-1.der", # "lpc55-host-dev-ca-2.der", # "lpc55-host-dev-ca-3.der", # ] # 6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0 # certificates = [ # "pkcs11:object=lpc55-host-dev-ca-0;type=cert?module-path=/usr/lib/opensc-pkcs11.so", # "pkcs11:object=lpc55-host-dev-ca-1;type=cert?module-path=/usr/lib/opensc-pkcs11.so", # "pkcs11:object=lpc55-host-dev-ca-2;type=cert?module-path=/usr/lib/opensc-pkcs11.so", # "pkcs11:object=lpc55-host-dev-ca-3;type=cert?module-path=/usr/lib/opensc-pkcs11.so", # ] [reproducibility] # set these for reproducibility (we pick all-zeroes by default, whereas elftosb picks random keys) dek = "5762307D11981295FC89E8E6947087C0A3E350660D57A03AAA000C8BE5823231" mac = "4A88F1B5B9F6A07716C4A89CC6851D519D999FDAA9EF4FF05545700F24EC1D71" nonce = [3822587620, 613396447, 833979729, 763188229] timestamp = 664665542000000 sb-header-padding = "36BB2DC5" [factory-settings] # smartcardhsm-based keys # rot_fingerprint = "6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0" # file-based keys rot-fingerprint = "D826E2FD 44F5C254 BC58C62E BF96A938 95C19DC2 25810C95 C8B9E6FD 9F7CC9CB" usb-id = { vid = 0x1209, pid = 0xb000 } [factory-settings.secure-boot-configuration] # puf-enrollment-disabled = false # secure-boot-enabled = false dice-computation-disabled = true [customer-settings] rot-keys-status = ["Enabled", "Enabled", "Enabled", "Enabled"] customer-version = 1 secure-firmware-version = 1 nonsecure-firmware-version = 1 # [keystore] # sbkek = "AAAAAAAA AAAAAAAAA AAAAAAAA AAAAAAAA AAAAAAA AAAAAAAA AAAAAAAA AAAAAAAA" [[commands]] cmd = "CheckSecureFirmwareVersion" version = 1 [[commands]] cmd = "CheckNonsecureFirmwareVersion" version = 1 [[commands]] cmd = "Erase" start = 0x0 end = 0xC00 # = 3072 = 6*512, size of blinky-red.bin is 856 bytes, signed version is 2148 bytes # end = 512 [[commands]] cmd = "Load" file = "example-binaries/blinky-red-signed.bin" src = 512 dst = 512 [[commands]] cmd = "Load" file = "example-binaries/blinky-red-signed.bin" len = 512 # Example provisioning for Solo [[provisions]] cmd = "Keystore" sub-cmd= "Enroll" [[provisions]] cmd = "Keystore" sub-cmd= "SetKey" key = "SecureBootKek" data = [0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA] [[provisions]] cmd = "Keystore" sub-cmd= "GenerateKey" key = "PrinceRegion0" len = 16 [[provisions]] cmd = "Keystore" sub-cmd= "GenerateKey" key = "PrinceRegion1" len = 16 [[provisions]] cmd = "Keystore" sub-cmd= "GenerateKey" key = "PrinceRegion2" len = 16 [[provisions]] cmd = "Keystore" sub-cmd= "GenerateKey" key = "UserPsk" len = 16 [[provisions]] cmd = "Keystore" sub-cmd= "WriteNonVolatile" [[provisions]] cmd = "WriteMemoryWords" # temporary ram memory address = 0x20034000 words = [ # Config for Prince region 1 0x50000001, 0xA0000, 0x00000, # Config for Prince region 2 0x50000002, 0x80000, 0x1de00 ] [[provisions]] cmd = "ConfigureMemory" address = 0x20034000 [[provisions]] cmd = "ConfigureMemory" address = 0x2003400C [[provisions]] cmd = "Reset"