git clone --recursive https://github.com/Zondax/buildroot-zondax.git
cd buildroot-zondax
if you forgot to add --recursive
then:
git submodule update --recursive
git submodule init
Command | Description |
---|---|
make genkeys-optee |
Generates OPTEE keys(stm/imx) |
make genkeys-uboot |
Generates UBOOT keys(stm) |
make genkeys-tfa |
Generates TFA keys(stm) |
make genkeys |
Generates all keys |
These keys will be generated and placed in the corresponding directories (relative to this file), only if there are not keys.
The keys for the iMX8MMevk are generated by the build process.
and placed in the corresponding directory.
Keys | Description |
---|---|
OPTEE | ./keys/optee_keys |
UBOOT | ./keys/uboot_keys |
TFA | ./keys/tfa_keys |
you can also use make showkeys
to list the existing keys and locations
This repository contains three different configurations
make zondaxtee_qemu_defconfig
make
to start Qemu, you should run
make start-qemu-host
To exit, you can use CTRL+A X
make zondaxtee_imx8mmevk_defconfig
make
BUILDROOT=st make zondaxtee_stm32mp157_dk2_defconfig
BUILDROOT=st make
The images are signed by default, the last step is to burn the corresponding keys on each board(stm/imx) and close the device, so that it only boots images that were signed with the keys created above. This step is very sensitive so refer to our web documentation for more detail on how to do that.