Abubuwan da ke ciki boye
1 STM32MPx Jerin Kayan Aikin Sa hannu
2 Bayanin samfur
3 Umarnin Amfani da samfur
4 Tambayoyin da ake yawan yi (FAQ)
5 Gabatarwa
6 Shigar da STM32MP-SignTool
7 STM32MP-SignTool umarni-line dubawa
7.1 PKCS#11 mafita
8 Tarihin bita
9 MUHIMMAN SANARWA – KU KARANTA A HANKALI
10 Takardu / Albarkatu
10.1 Magana
11 Labarai masu alaka

Sa hannu-tambarin kayan aiki

STM32MPx Jerin Kayan Aikin Sa hannu

Bayanin samfur

Ƙayyadaddun bayanai:

  • Sunan samfurSaukewa: STM32MP-SignTool
  • Siga: Saukewa: UM2543
  • Ranar Saki: Yuni 2024

Umarnin Amfani da samfur

Shigarwa:
Don shigar da STM32MP-SignTool, bi matakan da aka bayar a cikin littafin mai amfani.

Interface-Command-Line:
Ana samun umarni masu zuwa lokacin amfani da STM32MP-SignTool daga layin umarni:

  • -binary-image(-bin), -input(-in)
  • -Sigar-image (-iv)
  • - maɓalli na sirri (-prvk)
  • - maɓalli na jama'a - pubk

Exampda:
Koma zuwa ga tsohonampLes kasa don fahimtar yadda ake amfani da STM32MP-SignTool yadda ya kamata:

  1. Example 1: Default algorithm selection da fitarwa file halitta.
  2. Example 2: Shiga binary file tare da sigar kai 2 da maɓallan jama'a da yawa.

Yanayin tsaye:
Lokacin amfani da STM32MP-SignTool a Yanayin tsaye, bi waɗannan matakan:

  1. Shiga cikakkiyar hanya tukuna.
  2. Samar da bayanan da ake buƙata kamar zaɓin algorithm, sigar hoto, wurin shigarwa, da adireshin kaya.

Tambayoyin da ake yawan yi (FAQ)

  • Ta yaya zan tabbatar da fitarwa hoton file?
    Kuna iya tabbatar da hoton da aka samu ta hanyar rarraba abin da aka fitar file da kuma duba kowane filin kai. Yi amfani da umarnin:  ./STM32MP_SigningTool_CLI.exe -dump /home/user/output.stm32
  • Menene bambanci tsakanin nau'ikan rubutun kai don sa hannu?
    Sigar taken tana ƙayyade adadin maɓallan jama'a da ake buƙata don tantancewa. Don misaliample, sigar kai 1 tana buƙatar hanya ɗaya don samfuran STM32MP15xx, yayin da sigar taken 2 da mafi girma na buƙatar hanyoyi takwas don wasu.

Gabatarwa

  • STM32MPx jerin sa hannu software kayan aiki (mai suna STM32MP-SignTool a cikin wannan takarda) an haɗa shi a cikin STM32CubeProgrammer (STM32CubeProg).
  • STM32MP-SignTool kayan aiki ne mai mahimmanci wanda ke ba da garantin kafaffen dandamali kuma yana tabbatar da sanya hannu kan hotunan binaryar ta amfani da maɓallan ECC da STM32MP-KeyGen ke samarwa (koma zuwa bayanin jagorar mai amfani STM32MPx jerin maɓallin janareta na software (UM2542) don ƙarin cikakkun bayanai).
  • Ana amfani da hotunan binaryar da aka rattaba hannu a yayin tsarin STM32MPx na MPU amintaccen jerin taya wanda ke goyan bayan amintaccen sarkar taya. Wannan aikin yana tabbatar da tantancewa da amincin hotunan da aka ɗora.
  • STM32MP-SignTool yana haifar da hoton binary file, maɓalli na jama'a file, da maɓalli na sirri file.
  • Hoton binary file ya ƙunshi bayanan binary da za a tsara don na'urar.
  • Makullin jama'a file ya ƙunshi maɓallin jama'a na ECC a tsarin PEM, wanda aka ƙirƙira tare da STM32MP-KeyGen.
  • Maɓalli na sirri file ya ƙunshi rufaffen maɓallin keɓaɓɓen ECC a cikin tsarin PEM, wanda aka ƙirƙira tare da STM32MP-KeyGen.
  • Binary mai sa hannu file Hakanan za'a iya ƙirƙira daga wanda aka riga aka sa hannu file tare da batch file yanayin. A wannan yanayin, sigogi masu zuwa ba dole ba ne: wurin shigar hoto, adireshin ɗaukar hoto, da sigogin sigar hoto.

Shigar da STM32MP-SignTool

  • An shigar da wannan kayan aiki tare da kunshin STM32CubeProgrammer (STM32CubeProg). Don ƙarin bayani game da tsarin saiti, koma zuwa sashe na 1.2 na bayanin software STM32CubeProgrammer (UM2237).
  • Wannan software ta shafi tsarin STM32MPx na tushen Arm® MPUs.
    Lura: Arm alamar kasuwanci ce mai rijista ta Arm Limited (ko rassan sa) a cikin Amurka da/ko wani wuri.

STM32MP-SignTool umarni-line dubawa

Sashe masu zuwa suna bayyana yadda ake amfani da STM32MP-SignTool daga layin umarni.

Umarni
Ana jera umarnin da ake da su a ƙasa:

  • -binary-image(-bin), -input(-in)
    • Bayani: hoton binary file hanya (.bin tsawo)
    • Daidaitawa: 1-bin /home/User/binaryFile.bin
    • Daidaitawa :2 -in /home/User/binaryFile.bin
  • -Sigar-image (-iv)
    • Bayani: yana shigar da sigar hoton hoton da aka sa hannu file
    • Daidaitawa: -iv
  • - maɓalli na sirri (-prvk)
    • Bayani: maɓalli na sirri file hanya (.pem tsawo)
    • Daidaitawa: -prvkfile_tafarki>
    • Exampda: -prvk ../privateKey.pem
  • - maɓalli na jama'a - pubk
    • Bayani: jama'a key file hanyoyi
    • Daidaitawa: - pubkFile_Hanya{1..8}>
      • Don taken v1: yi amfani da hanya ɗaya kawai don samfuran STM32MP15xx
      • Don taken v2 kuma mafi girma: yi amfani da hanyoyi guda takwas don wasu
  • kalmar sirri (-pwd)
    • Bayani: kalmar sirri ta maɓalli na sirri (wannan kalmar sirri dole ne ta ƙunshi aƙalla haruffa huɗu)
    • Exampda: - pwd azarty
  • Adireshin kaya (-la)
    • Bayani: adireshin ɗaukar hoto
    • Exampda: - da
  • -maki-shiga (-ep)
    • Bayani: wurin shigar hoto
    • Exampda: -ep
  • - tutoci na zaɓi (-na)
    • Bayani: Tutocin zaɓin hoto (ƙimar tsoho = 0)
    • Exampda: -na
  • Algorithm (-a)
    • Bayani: Yana ƙayyade ɗaya daga cikin prime256v1 (darajar 1, tsoho) ko brainpoolP256t1 (darajar 2)
    • Exampda: - a <2>
  • - fitarwa (-o)
    • Bayani: fitarwa file hanya. Wannan siga na zaɓi ne. Idan ba a ƙayyade ba, fitarwa file an samar dashi a tushe guda file hanyar (Example, hoton binary file shine C: \ BinaryFile.bin). Binaryar da aka sanya hannu file shine C: \ BinaryFile_Sa hannu.bin.
    • Daidaitawa: -oFile_Tafarki>
  • - nau'in (-t)
    • Bayani: nau'in binary. Mahimman ƙima sune ssbl, fsbl, teeh, teed, teex da copro
    • Daidaitawa: -t
  • - shiru (-s)
    Bayani: babu saƙon da aka nuna don maye gurbin fitarwa mai gudana file
  • -taimako (-h da -?)
    Bayani:     nuna taimako
  • - sigar (-v)
    Bayani: nuna kayan aiki version
  • -enc-dc (-encdc)
    • Bayani: ɓangarorin ɓoyayyen ɓoye don ɓoye ɓoyayyen FSBL [header v2]
    • Daidaitawa: - encdc
  • - maɓalli (-enck)
    • Bayani: OEM sirrin file don boye-boye na FSBL [header v2]
    • Daidaitawa: - duk
  • - juji-kai (-juji)
    • Bayani: kitsa kuma zubar da taken hoton
    • Daidaitawa: - dumpFile_Tafarki>
  • - sigar kai (-hv)
    • Bayani: sigar sa hannu, ƙididdiga masu yiwuwa: 1, 2, 2.1, 2.2
    •  Example Saukewa: STM32MP15:-hv2
    • Example Saukewa: STM32MP25:-hv2.2
  • -ba-maɓalli (-nk)
    • Bayani: ƙara taken fanko ba tare da zaɓuɓɓukan maɓalli ba
    • Sanarwa: buƙatar musaki zaɓin tantancewa tare da umarnin tutoci na zaɓi.

ExampBayanan Bayani na STM32MP-SignTool
Mai zuwa exampNuna yadda ake amfani da STM32MP-SignTool:

  • Exampshafi na 1 

    STM32MPx-Series-Signing-Tool-Software-fig-1
    An zaɓi tsohuwar algorithm (prime256v1) kuma ƙimar tutar zaɓi ita ce 0 (ƙimar tsoho). Abun fitarwa da aka sanya hannu file (BinaryFile_Signed.bin) an ƙirƙira shi a cikin /home/user/ folder

  • Exampshafi na 2STM32MPx-Series-Signing-Tool-Software-fig-2

    BrainpoolP256t1 algorithm an zaɓi a wannan yanayin. Ko da Folder2 da Folder3 ba su wanzu, an ƙirƙira su. Tare da umarnin –s, ko da a file yana wanzu tare da ƙayyadadden suna, ana maye gurbinsa ta atomatik ba tare da wani saƙo ba.

  • Exampshafi na 3
    Sa hannu kan binary file ta amfani da sigar rubutun kai 2 wanda ya ƙunshi maɓallan jama'a takwas don kwararar tantancewa.STM32MPx-Series-Signing-Tool-Software-fig-3
  • Exampshafi na 4
    Sa hannu kan binary file ta amfani da sigar rubutun kai 2 wanda ya haɗa da maɓallan jama'a takwas don tantancewa tare da kwararar ɓoyewa.STM32MPx-Series-Signing-Tool-Software-fig-4
  • Exampshafi na 5
    Tabbatar da hoton da aka samo ta hanyar karkatar da fitarwa file kuma duba kowane filin taken.STM32MPx-Series-Signing-Tool-Software-fig-5
  • Exampshafi na 6
    Ƙara kan kai ba tare da sa hannu ba kuma ba tare da tura maɓallai ba.STM32MPx-Series-Signing-Tool-Software-fig-6

Yanayin tsaye
Lokacin aiwatar da STM32MP-SignTool a yanayin tsaye, dole ne a fara shigar da cikakkiyar hanya. Sannan ana buƙatar kalmar sirri sau biyu don tabbatarwa, kamar yadda aka nuna a hoton da ke ƙasa.

STM32MPx-Series-Signing-Tool-Software-fig-7

Matakai na gaba sune kamar haka:

  • Zaɓi ɗaya daga cikin algorithms guda biyu.
  • Shigar da sigar hoto, wurin shigar hoton, da adireshin ɗaukar hoto.
  • Shigar da ƙimar tutar zaɓi.
    Wani fitarwa file Ana iya ƙayyade hanya idan an buƙata, ko danna shigar don ci gaba da wanda yake.
PKCS#11 mafita
  • Ana amfani da hotunan binaryar da aka rattaba hannu a lokacin amintaccen tsarin taya na STM32MP wanda ke goyan bayan amintaccen sarkar takalmin. Wannan aikin yana tabbatar da tantancewa da amincin hotunan da aka ɗora.
  • Umurnin sa hannu na gargajiya yana buƙatar samar da duk maɓallan jama'a da na sirri azaman shigarwa files. Waɗannan suna samun damar kai tsaye ga kowane mutumin da aka ba shi izinin aiwatar da sabis ɗin sa hannu. A ƙarshe, ana iya ɗaukar wannan a matsayin ɓoyayyen tsaro. Akwai mafita da yawa don kare maɓalli daga duk wani yunƙuri na satar mahimman bayanai. A cikin wannan mahallin, an karɓi maganin PKCS#11.
  • Ana iya amfani da PKCS#11 API don ɗauka da adana maɓallan sirri. Wannan haɗin gwiwar yana ƙayyadaddun yadda ake sadarwa tare da na'urorin sirri kamar HSMs (samfurin tsaro na hardware) da smartcards. Manufar waɗannan na'urori shine don samar da maɓallan sirri da sanya hannu akan bayanai ba tare da bayyana maɓalli na sirri ga duniyar waje ba.
  • Aikace-aikacen software na iya kiran API don amfani da waɗannan abubuwa don:
    • Ƙirƙirar maɓallan simmetric/asymmetric
    • Rufewa da ɓoyewa
    • Yin lissafi da kuma tabbatar da sa hannun dijital
  • PKCS #11 yana gabatar da aikace-aikace na gama-gari, mai ma'ana view na na'urar da ake kira alamar cryptographic kuma tana ba da ID na slot ga kowace alama. Aikace-aikacen yana gano alamar da yake son shiga ta hanyar tantance ID ɗin ramin da ya dace.
  • Ana amfani da STM32SigningTool don sarrafa mahimman abubuwan da aka adana akan smartcards da makamantan alamun tsaro na PKCS#11 inda maɓallan sirri masu mahimmanci ba sa barin na'urar.
  • STM32SigningTool yana amfani da mu'amalar PKCS#11 don sarrafawa da sanya hannu kan shigar da binaries dangane da maɓallan jama'a/na sirri na ECDSA. Ana adana waɗannan maɓallan a cikin alamun tsaro (hardware ko software).

Ƙarin umarni na PKCS#11

  • -module (-m)
    • Bayani: saka PKCS#11 module/Hanyar Laburare don lodawa (dll, haka)
    • Jumla:-m
  • -key-index (-ki)
    • -key-index (-ki)
    • Bayani: jerin maƙallan maɓallan da aka yi amfani da su a tsarin hex
      Yi amfani da fihirisa ɗaya don kai v1 da fihirisa takwas don kai v2 (rabu da sarari)
    • Daidaitawa: - ku
  • -slot-index (-si)
    • Bayani: Ƙayyade fihirisar ramin don amfani (tsoho 0x0)
    • Syntax:-si
  • -Active-keyIndex (-aki)
    • Bayani: saka ainihin maɓalli mai aiki (tsoho 0)
    • Daidaitawa: -aki <hexValue>

PKH/PKTH file tsara
Bayan aiwatar da aikin sa hannu, kayan aikin yana samar da PKH cikin tsari files don amfani bayan fuse OTP.

  • PKH file mai suna pkcsHashPublicKey0x{active_key_index}.bin don kai v1
  • PKTH file mai suna pkcsPublicKysHashHashes.bin don kai v2

Examples
Kayan aiki na iya sa hannu kan shigarwa files don duka v1 da kai v2, tare da ɗan ƙaramin bambanci a cikin layin umarni.

  • Babban v1 

    STM32MPx-Series-Signing-Tool-Software-fig-8

  • Babban v2 

    STM32MPx-Series-Signing-Tool-Software-fig-9

    • Kuskure akan layin umarni, ko gazawar kayan aiki don gano mahimman abubuwan da suka dace, yana haifar da bayyanar saƙon kuskure. Wannan yana nuna tushen matsalar.
    • Kayan aikin Sa hannu yana iya amfani da HSMs da aka riga aka tsara, kuma ba a tsara shi don sarrafa ko ƙirƙirar sabbin abubuwan tsaro ba. Don haka, ya zama dole a shigar da software kyauta don kafa yanayi mai dacewa. Ana iya ƙirƙirar maɓallan, da bayanai game da abubuwan da aka samu.

Kuskure exampda:

  • Fihirisar ramin da ba daidai baSTM32MPx-Series-Signing-Tool-Software-fig-10
  • Abun maɓalli wanda ba a sani ba wanda aka ambata a cikin umarnin-key-indexSTM32MPx-Series-Signing-Tool-Software-fig-11
    Kayan aiki yana kula da abubuwa a jere. Idan ba za ta iya gano maɓallan maɓalli ba a farkon gwaji, aikin sa hannu yana dakatar da aikin. Ana nuna saƙon kuskure don nuna tushen matsalar.

Tarihin bita

Kwanan wata Sigar Canje-canje
14-Fabrairu-2019 1 Sakin farko.
 

 

26-Nuwamba-2021

  

 

2

 An sabunta:

• Sashi na 2.1: Umarni

• Sashi na 2.2: ExampBayanan Bayani na STM32MP-SignTool

• Ƙara Sashe 2.4: PKCS#11 bayani
27-Yuni-2022 3 Sabunta Sashe 2.1: Umarni
 

 

 

26-Yuni-2024

  

 

 

4

 An maye gurbinsa a cikin duka daftarin aiki:

• jerin STM32MP1 ta jerin STM32MPx

• STM32MP1-SignTool ta STM32MP-SignTool

• STM32MP1-KeyGen ta STM32MP-KeyGen

An sabunta -Maɓallin jama'a -pubk da ƙara - sigar-header (-hv) da -no-keys (- nk) a cikin Sashe na 2.1: Umurnai.

Ƙara "Misali 6" a cikin Sashe na 2.2: ExampBayanan Bayani na STM32MP-SignTool.

MUHIMMAN SANARWA – KU KARANTA A HANKALI

  • STMicroelectronics NV da rassan sa ("ST") sun tanadi haƙƙin yin canje-canje, gyare-gyare, haɓakawa, gyare-gyare, da haɓakawa ga samfuran ST da/ko ga wannan takaddar a kowane lokaci ba tare da sanarwa ba. Ya kamata masu siye su sami sabbin bayanai masu dacewa akan samfuran ST kafin yin oda. Ana siyar da samfuran ST bisa ga sharuɗɗa da sharuɗɗan siyarwa na ST a wurin lokacin amincewa.
  • Masu siye ke da alhakin zaɓi, zaɓi, da amfani da samfuran ST kuma ST ba ta ɗaukar alhakin taimakon aikace-aikacen ko ƙirar samfuran masu siye.
  • Babu lasisi, bayyananne ko fayyace, ga kowane haƙƙin mallakar fasaha da ST ke bayarwa a nan.
  • Sake siyar da samfuran ST tare da tanadi daban-daban da bayanan da aka gindaya a ciki zai ɓata kowane garantin da ST ya bayar don irin wannan samfurin.
  • ST da tambarin ST alamun kasuwanci ne na ST. Don ƙarin bayani game da alamun kasuwanci na ST, koma zuwa www.st.com/trademarks. Duk sauran samfuran ko sunayen sabis mallakin masu su ne.
  • Bayanin da ke cikin wannan takarda ya maye gurbin bayanan da aka kawo a baya a cikin kowane juzu'in wannan takaddar.
    © 2024 STMicroelectronics – Duk haƙƙin mallaka

Takardu / Albarkatu

ST STM32MPx Jerin Kayan Aikin Sa hannu [pdf] Manual mai amfani
STM32MPx Jerin Sa hannu Software, STM32MPx Series, Sa hannu Software, Kayan aiki Software, Software

Magana

Labarai masu alaka

Bar sharhi

Ba za a buga adireshin imel ɗin ku ba. Ana yiwa filayen da ake buƙata alama *