0 Replies Latest reply on Jun 10, 2016 12:15 AM by jobs_intel

    How to Signing the rootfs tarball for secure boot


      SST sign-all command is used to sign the rootfs file with the owner root certificate and the vendor certificate and private key.


          Batch mode process boot-loader+kernel+rootfs+rpm images packed in tarball

          ./SST sign-all <options> <target>

          ./SST sign-all \
              [--mode=tarball] \
              [--owner-cert=./owner-cert.pem] [--vendor-cert=./vendor-cert.pem] [--verbose=no|yes]\
              [--priv-key=./vendor-private.pem] [--output=./srm-enabled-images.tar.bz2] \


      The options are as follows:


      Sign the tar file example.

      The following command uses the image for the intel-baytrail-64 BSP as an example:

      $ sudo ./SST sign-all –-mode=tarball \ --owner-cert=./ownerE-cert.pem –-verbose=no\ --vendor-cert=./vendorE-cert.pem \ --priv-key=./vendorE-private.pem \ --output=./signed-images.tar.bz2 \ ./wrlinux-image-idp-intel-baytrail-64.tar.bz2

      When the command completes successfully, the rootfs tar file wrlinux-image-idp-intel-baytrail-64.tar.bz2 is signed and the resulting output file is stored as signed-images.tar.bz2.



      Last Validated Info:

      IDP Version: 3.1

      RCPL: 0014

      Device: DK300