Difference between revisions of "STM32 header for binary files"
From the 百问网 Embedded Linux wiki
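Latest revision as of 09:34, 2 November 2020 (Monday)
The STM32 header is an STMicroelectronics header required by binaries loaded by the ROM code and TF-A.
Description
Every binary image (signed or unsigned) loaded by the ROM code and TF-A needs a specific STM32 header added on top of the binary data. The header includes the authentication information.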
Name | Length | Byte Offset | Description |
---|---|---|---|
Magic number | 32 bits | 0 | 4 bytes in big endian: 'S', 'T', 'M', 0x32 = 0x53544D32 |
Image signature | 512 bits | 4 | ECDSA signature for image authentication[Note 1] |
Image checksum | 32 bits | 68 | Checksum of the payload[Note 2] |
Header version | 32 bits | 72 | Header version v1.0 = 0x00010000; Byte0: reserved; Byte1: major version = 0x01; Byte2: minor version = 0x00; Byte3: reserved |
Image length | 32 bits | 76 | Length of image in bytes[Note 3] |
Image entry Point | 32 bits | 80 | Entry point of image |
Reserved1 | 32 bits | 84 | Reserved |
Load address | 32 bits | 88 | Load address of image[Note 4] |
Reserved2 | 32 bits | 92 | Reserved |
Version number | 32 bits | 96 | Image Version (monotonic number)[Note 5] |
Option flags | 32 bits | 100 | b0=1: no signature verification[Note 6] |
ECDSA algorithm | 32 bits | 104 | 1: P-256 NIST ; 2: brainpool 256 |
ECDSA public key | 512 bits | 108 | ECDSA public key to be used to verify the signature.[Note 7] |
Padding | 83 Bytes | 172 | Reserved padding bytes[Note 8]. Must all be set to 0 |
Binary type | 1 Byte | 255 | Used to check the binary type; 0x00: U-Boot; 0x10-0x1F: TF-A; 0x20-0x2F: OPTEE; 0x30: Copro |
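- ↑ Note 1: The signature is computed from the first byte of the header version field to the last byte of the image, as given by the image length field.
- ↑ Note 2: 32-bit sum of all payload bytes, accessed as 8-bit unsigned numbers, with all overflow bits discarded. Used to check the integrity of the downloaded image when the signature is not used (if b0 = 1 in the Option flags).
- ↑ Note 3: The length is the length of the built image; it does not include the length of the STM32 header.
- ↑ Note 4: The ROM code does not use this field.
- ↑ Note 5: The image Version number is an anti-rollback monotonic counter. The ROM code checks that it is greater than or equal to the monotonic counter stored in OTP.
- ↑ Note 6: Signature verification must be enabled on a secure closed chip.
- ↑ Note 7: This field is the part of the PEM public key file that keeps only the ECC point coordinates "x" and "y" in raw binary format (RFC 5480, http://www.rfc-editor.org/info/rfc5480). The field is hashed with SHA-256 and compared with the Hash of pubKey stored in OTP.
- ↑ Note 8: This padding forces the size of the STM32 header to 256 bytes (0x100).
The OTP used for the Version number and the Hash of pubKey are defined in the "OTP configuration" chapter of ROM code overview.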
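Checking an image against the header layout and Notes 1 to 8 above, as an added example (not code from ST, TF-A or this wiki). It assumes the 32-bit fields are little-endian, which the page does not state; `check_image`, `make_sample` and their parameters are hypothetical names, and the ECDSA signature itself is not verified here, only the byte range it covers is returned.

```python
import hashlib
import struct

HEADER_SIZE = 0x100            # Note 8: padding forces a 256-byte header
MAGIC = b"STM\x32"             # 'S', 'T', 'M', 0x32
# Assumption: 32-bit fields after the magic are little-endian (not stated on the page).
FMT = "<4s64s10I64s83sB"       # offsets 0, 4, 68..104, 108, 172, 255

def check_image(blob, otp_pubkey_hash, otp_counter, closed_device=True):
    """Parse the STM32 header and return (fields, list of problems found)."""
    if len(blob) < HEADER_SIZE:
        return {}, ["file shorter than the 256-byte header"]
    (magic, _sig, checksum, hdr_ver, length, _entry, _r1, _load, _r2,
     version, flags, algo, pubkey, padding, btype) = struct.unpack_from(FMT, blob)
    payload = blob[HEADER_SIZE:HEADER_SIZE + length]
    unsigned = bool(flags & 1)                      # Option flags b0
    checks = [
        (magic == MAGIC, "bad magic number"),
        (hdr_ver == 0x00010000, "unexpected header version"),
        (len(payload) == length, "image length runs past end of file"),
        (not any(padding), "padding bytes are not all zero"),
        # Note 2: sum of payload bytes as unsigned 8-bit values, overflow discarded
        # (this example checks it for every image, signed or not)
        (sum(payload) & 0xFFFFFFFF == checksum, "payload checksum mismatch"),
        # Note 5: version must be >= the monotonic counter held in OTP
        (version >= otp_counter, "version below OTP counter (rollback)"),
        # Note 6: b0=1 is not acceptable on a secure closed chip
        (not (unsigned and closed_device), "signature verification disabled"),
        (unsigned or algo in (1, 2), "unknown ECDSA algorithm"),
        # Note 7: SHA-256 of the raw x||y key field must match the OTP hash
        (unsigned or hashlib.sha256(pubkey).digest() == otp_pubkey_hash,
         "public key hash does not match OTP"),
    ]
    fields = {"version": version, "binary_type": btype, "unsigned": unsigned,
              # Note 1: the signature covers offset 72 through the last image byte
              "signed_region": blob[72:HEADER_SIZE + length]}
    return fields, [msg for ok, msg in checks if not ok]

def make_sample(payload, pubkey, version=3, flags=0, btype=0x10):
    """Build a constructed test image (dummy all-zero signature, not a real one)."""
    return struct.pack(FMT, MAGIC, bytes(64), sum(payload) & 0xFFFFFFFF,
                       0x00010000, len(payload), 0, 0, 0, 0,
                       version, flags, 1, pubkey, bytes(83), btype) + payload

if __name__ == "__main__":
    key = bytes(range(64))                          # constructed, not a real key
    img = make_sample(b"\x01\x02\x03\xff", key)
    print(check_image(img, hashlib.sha256(key).digest(), otp_counter=3))
```

The `signed_region` bytes are what an ECDSA verifier would be given together with the signature and public key fields.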