Show Contents

Standalone signing and encrypting of images

To maintain a high level of security, strictly limit the number of people who know the private keys to sign the devices artifacts. In many cases, this means that only specific persons—signers—have access to them, and these individuals may or may not be part of the development team.

TrustFence™ standalone signing and encryption tools allow you to isolate the signing/encryption processes from firmware image generation. This way, there is no need to secure the entire development environment, only a secure location in which the firmware images get signed and encrypted.

Requirements:

  1. Add NXP's Code Sign Tools cst and srktool, which are built by Digi Embedded Yocto, to the path:
export PATH=</path/to/dey-project>/tmp/sysroots/x86_64-linux/usr/bin/:${PATH}

Replace /path/to/dey-project with the absolute path to your Digi Embedded Yocto project build directory.

Note The project must be built with TrustFence enabled for the tools to be available. See Enable TrustFence™ support in Digi Embedded Yocto.

  1. Configure the environment with the setup script available on the Digi Embedded Yocto SDK:
source /opt/dey/2.2/environment-setup-cortexa9hf-vfp-neon-dey-linux-gnueabi
  1. Follow these steps to sign and encrypt binary images to boot on a deployed device:

 

© 2018 Digi International Inc. All rights reserved.
Standalone signing and encrypting of images updated on 22 January 2018 02:43:37 PM

DOCUMENT RESOURCES

DIGI RESOURCES

Copyright

Product page

More documentation

Download PDF PDF

About us

Contact us

Support

twitter facebook linked in youtube