MTK Secure boot verify

  MTK 的 bootloader(preloader)、lk、boot 三个阶段的镜像验证和签名过程。

1.  签名主要python 脚本

       vendor/mediatek/proprietary/scripts/sign-image_v2/sign.py

       vendor/mediatek/proprietary/scripts/sign-image_v2/img_key_deploy.py

                                                                                               sign_flow.py

       用法:
       img_key_deploy.py <platform> <project> \
               cert1_key_path=<key_path> \
               cert2_key_path=<key_path> \
               root_key_padding=<padding_type>
       示例:
       img_key_deploy.py mt6797 k97v1_64 \
               cert1_key_path=privk1.pem \
               cert2_key_path=privk2.pem

2. 签名 key,可以定制,用于生成证书。从目录名 hsm_test_keys 看,下面两个路径是测试密钥;量产版本应替换为自己生成的私钥并严格保管,否则任何拿到测试私钥的人都能签出可通过校验的镜像。

        cert1_key_path: ./hsm_test_keys/root_prvk.pem
        cert2_key_path: ./hsm_test_keys/img_prvk.pem

        sign-image_v2\x509_template

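3.  Pub key,Priv Key(公钥/私钥):证书配置位于下面的 cert_config 目录;从调用参数看,先由 asn1_gen 根据配置文件生成待签名(TBS)证书,再由 sig_gen 用私钥文件以 'pss' 方式生成签名文件。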

       vendor\mediatek\proprietary\custom\mt6xxx\security\cert_config

         lib.asn1_gen.asn1_gen(tbs_config_file_path, tbs_cert_file_path, False)
         lib.cert.sig_gen(tbs_cert_file_path, prvk_file_path, 'pss', sig_file_path)

4. Preloader

       vendor\mediatek\proprietary\bootable\bootloader\preloader\platform\mt6xxx\src\core\partition.c

       vendor\mediatek\proprietary\bootable\bootloader\preloader\platform\mt6xxx\src\core\partition.c

       vendor/mediatek/proprietary/bootable/bootloader/lk/target/k71v1_64_bsp/inc/oemkey.h

       seclib_set_pubk(g_oemkey, OEM_PUBK_SZ);

       vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6771/src/security/sec.c:  

         seclib_set_pubk(g_oemkey, OEM_PUBK_SZ);

static void lk_vb_vfy_dtbo(void)
{
#ifdef MTK_SECURITY_SW_SUPPORT
    PROFILING_START("dtbo vfy");
    if (0 != img_auth_stor(get_dtbo_part_name(), "dtbo", 0x0))
        assert(0);

5、下载 DA文件

       vendor/mediatek/proprietary/scripts/secure_chip_tools/resign_da.py

      可以对DA文件重签名,有你意想不到的效果!!(注:重签名所用的私钥决定了哪些 DA 能被开启了 DA 校验的设备接受,因此该私钥应与镜像签名私钥一样严格保管。)

       #sign all load regions of the specified chip
     python resign_da.py prebuilt/resignda/MTK_AllInOne_DA.bin MT6755 settings/resignda/bbchips_pss.ini all               out/resignda/MTK_AllInOne_DA.bin-resign
      #sign only the specified load region of the specified chip, e.g. 0
     python resign_da.py prebuilt/resignda/MTK_AllInOne_DA.bin MT6755 settings/resignda/bbchips_pss.ini 0 out/resignda/MTK_AllInOne_DA.bin-resign


转载自blog.csdn.net/junwua/article/details/90483198