Security3.0 的SOP 说明。
Security3.0的平台: 6789 6983, 6895 and later platform.
=====================生成efuse key相关文件==========================
cd vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/
openssl genrsa -out root_prvk.pem 2048
python pem_to_der.py root_prvk.pem root_prvk.der
openssl rsa -in root_prvk.pem -pubout > root_pubk.pem
python pem_to_der.py root_pubk.pem root_pubk.der
openssl genrsa -out img_prvk.pem 2048
python pem_to_der.py img_prvk.pem img_prvk.der
openssl rsa -in img_prvk.pem -pubout > img_pubk.pem
python pem_to_der.py img_pubk.pem img_pubk.der
chmod +x der_extractor
./der_extractor root_pubk.der oemkey.h ANDROID_SBC
./der_extractor root_pubk.der dakey.h ANDROID_SBC
dakey.h里面oem改成DA,否则编译不过
Path | Enable | |
---|---|---|
Preloader | /vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/{Project Name}/{Project Name}.mk | MTK_SECURITY_SW_SUPPORT=yes MTK_SECURITY_ANTI_ROLLBACK=yes \\Note:配置该项会打开anti-rollback MTK_SEC_BOOT = ATTR_SBOOT_ENABLE \\ATTR_SBOOT_ENABLE: always enable \\ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP:enable depend on SBC_EN MTK_SEC_USBDL = ATTR_SUSBDL_ENABLE \\ATTR_SUSBDL_ENABLE: always enable) \\ ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP: enable depend on SBC_EN |
lk2 | /vendor/mediatek/proprietary/bootable/bootloader/lk2/project/{ Project name}.mk | MTK_SECURITY_SW_SUPPORT=yes MTK_SECURITY_ANTI_ROLLBACK=yes \\Note:配置该项会打开anti-rollback |
Kernel | /kernel-5.10/arch/arm64/configs/{Project Name}_defconfig /kernel-5.10/arch/arm64/configs/{Project Name}_debug_defconfig ( e.g. /kernel-5.10/arch/arm64/configs/k6983v1_64_defconfig) |
CONFIG_MTK_SECURITY_SW_SUPPORT=m |
/device/mediateksample/{PROJECT}/ko_order_table.csv | 在ko_order_table.csv新增如下配置: sec.ko,/drivers/misc/m |