“STM32 header for binary files”的版本间的差异

来自百问网嵌入式Linux wiki
第7行: 第7行:
 
[[File:STM32_header.png  | right]]
 
[[File:STM32_header.png  | right]]
  
Each binary image (signed or not) loaded by [[:Category:ROM_code|ROM code]] and by [[TF-A_overview|TF-A]] need to include a specific STM32 header added on top of the binary data. The header includes the authentication information.
+
[[:Category:ROM_code|ROM code]] [[TF-A_overview|TF-A]] 加载的每个二进制映像(已签名或未签名)都需要在二进制数据的顶部添加特定的STM32标头,标题包括认证信息。
  
 
{| class="wikitable"
 
{| class="wikitable"
第45行: 第45行:
  
 
<noinclude>
 
<noinclude>
The OTP used for the '''Version number''' and the '''Hash of pubKey''' are defined in the chapter “OTP configuration“ of the [[: Category:ROM_code |ROM code overview]].
+
用于 '''Version number''' '''Hash of pubKey''' 的动态口令在 “OTP 配置”一章中定义 [[: Category:ROM_code |ROM code overview]].
  
 
[[Category:ROM code|0]]
 
[[Category:ROM code|0]]
 
</noinclude>
 
</noinclude>

2020年11月2日 (一) 09:16的版本

STM32标头是STMicroelectronics标头,是由 ROM codeTF-A加载的二进制文件所需要的。

Description

STM32 header.png

ROM codeTF-A 加载的每个二进制映像(已签名或未签名)都需要在二进制数据的顶部添加特定的STM32标头,标题包括认证信息。

Name Length Byte Offset Description
Magic number 32 bits 0 4 bytes in big endian:
'S', 'T', 'M', 0x32 = 0x53544D32
Image signature 512 bits 4 ECDSA signature for image authentication[Note 1]
Image checksum 32 bits 68 Checksum of the payload[Note 2]
Header version 32 bits 72 Header version v1.0 = 0x00010000
Byte0: reserved
Byte1:major version = 0x01
Byte2: minor version = 0x00
Byte3: reserved
Image length 32 bits 76 Length of image in bytes[Note 3]
Image entry Point 32 bits 80 Entry point of image
Reserved1 32 bits 84 Reserved
Load address 32 bits 88 Load address of image[Note 4]
Reserved2 32 bits 92 Reserved
Version number 32 bits 96 Image Version (monotonic number)[Note 5]
Option flags 32 bits 100 b0=1: no signature verification[Note 6]
ECDSA algorithm 32 bits 104 1: P-256 NIST ; 2: brainpool 256
ECDSA public key 512 bits 108 ECDSA public key to be used to verify the signature.[Note 7]
Padding 83 Bytes 172 Reserved padding bytes[Note 8]. Must all be set to 0
Binary type 1 Byte 255 Used to check the binary type
0x00: U-Boot
0x10-0x1F: TF-A
0x20-0X2F: OPTEE
0x30: Copro
  1. Signature is calculated from first byte of header version field to last byte of image given by image length field.
  2. 32-bit sum of all payload bytes accessed as 8-bit unsigned numbers, discarding any overflow bits. Used to check the downloaded image integrity when signature is not used (if b0=1 in Option flags).
  3. Length is the length of the built image, it does not include the length of the STM32 header.
  4. This field is not used by ROM code.
  5. Image version number is an anti rollback monotonic counter. The ROM code checks that it is higher or equal to the monotonic counter stored in OTP.
  6. Enabling signature verification is mandatory on secure closed chips.
  7. This field is an extract of PEM public key file that only kept the ECC Point coordinates x and y in a raw binary format (RFC 5480). This field will be hashed with SHA-256 and compared to the Hash of pubKey that is stored in OTP.
  8. This padding forces STM32 header size to 256 bytes (0x100).


用于 Version numberHash of pubKey 的动态口令在 “OTP 配置”一章中定义 ROM code overview.