Packaging an update
Prerequisites
To package an update:
- A manifest.json file has to be prepared, that contains the correct file names and version strings.
- A public/private key pair has to be created.
The public key is embedded by the Image-Developer into the image and allows verification of the signatures created using the private key.
Key generation
The private and public key files are created using the STM32MP1-Keygen tool:
Key creation settings
It is important to run the tool like this: STM32MP_KeyGen_CLI -abs /home/user/KeyFolder/ -pwd <privateKeyPassword>
and to choose the prime256v1 elliptic curve.
The <privateKeyPassword>
is required to package the update zip file.
Preparation
The zip-File is created by the packager
tool.
Store all files together with the manifest.json
file and the packager
in one directory.
Adjust the manifest.json
file, so that it contains the desired version numbers.
Firmware Signing and Packaging Tool - (C) 2023 idastroem GmbH
-------------------------------------------------------------
Usage of ./packager:
-fortress-key string
private key for use with fortress server
-manifest string
manifest file that contains the update files and rules (default "manifest.json")
-password string
password for private key file
-privKey string
private key (default "privateKey.pem")
-zipfile string
output zip file name, file will be overwritten without further notice.
You must specify a valid zipfile name.
Running the packager
Start the packager by running the following command:
packager -password <privateKeyPassword> -zipfile update.zip
This creates the zip-file update.zip, which contains the ecdsa signatures for the files listed in manifest.json.
If everything succeeds, the following messages are printed out:
Firmware Signing and Packaging Tool - (C) 2023 idastroem GmbH
-------------------------------------------------------------
loading private key file 'privateKey.pem'
decryption successful
loading manifest file 'manifest.json'
+ adding file 'cc'
+ adding file 'm4.bin'
done.
generating signatures.json
+ hashing file 'm4.bin' (726e02df7affc0726b2ccc97261ba2735455786f59f83b116a60bc99694ae8f9)
+ signature is '3045022044746c0219025828f8ca89a34cd4dacb32be315ac5c8dc28dc98202bdc6f3d84022100ebfa10ee57ef88fcc8f4bfcc7138be5e5f1f356f90eb5975a310a9fd715a
c5f8'
+ verifying signature... 'true'
+ hashing file 'cc' (0f24cf1bb9297d9301f43f54fc8b04cdf2daa24ca875bcb0b2e8735d1df952ad)
+ signature is '3045022100d1a9f180e5265ceb657c15d38808cc0e87169ca980d758b2bf88465cf3565463022078f8ca7ce2c563632eafb3af92b85392d7f15b9b92cf0a8ea93808551636
7c14'
+ verifying signature... 'true'
+ hashing file 'manifest.json' (c78da59e288e6127cd3e88214c6e5e0945fde1d2895e795c826d906c01155131)
+ signature is '3045022001ae60f7afd9df4d63feb4e4aeaa9b1f582aabaa9682791636b0edd9299a8984022100aeb2b7b758136276018b650c7dbe55795bade015e996977d4290e700fd45
eafa'
+ verifying signature... 'true'
creating zip file 'update.zip'
done.
Depending on the chosen delivery method, you can now:
- Copy the update.zip file to an USB stick.
- Upload the update.zip to the fw-update cloud service.