wen/luban-lite-t3e-pro
1
0
Fork 0
mirror of https://gitee.com/Vancouver2017/luban-lite-t3e-pro.git synced 2025-12-17 11:58:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc2329642527c95df7181810bd50ffb0f391323f
luban-lite-t3e-pro/doc/topics/sdk/secure/spienc_function_d12x.html

645 lines
76 KiB
HTML
Raw Normal View History

first commit
2025-09-30 11:56:06 +08:00
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-cn" lang="zh-cn" data-whc_version="26.0">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="description" content="应用场景 本方案针对下列使用场景: 方案商提供主控芯片和开发好的固件给第三方生产商 生产, 方案商对自己的固件进行保护 方案商开发了包含某一功能的固件 生产商不进行开发,而使用方案商提供的固件 方案商为了保护自己的固件,会要求自己的固件只能在方案商授权的主控芯片上运行 他人不能通过拷贝 SPI NOR 上的固件在不经 方案商 授权的主控芯片上运行 方案介绍 本方案通过使用 AIC 主控的 ..."/><meta name="DC.rights.owner" content="(C) 版权 2025"/><meta name="copyright" content="(C) 版权 2025"/><meta name="generator" content="DITA-OT"/><meta name="DC.type" content="topic"/><meta name="DC.relation" content="../../../topics/sdk/secure/chapter-secure.html"/><meta name="DC.relation" content="../../../topics/sdk/secure/hw_authorization.html"/><meta name="DC.relation" content="../../../topics/sdk/secure/spienc_function_d13x.html"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.creator" content="yan.wang"/><meta name="DC.date.modified" content="2024-01-15"/><meta name="DC.format" content="HTML5"/><meta name="DC.identifier" content="id"/><meta name="DC.language" content="zh-CN"/><title>防抄板-SPIENC-D12x</title><!-- Build number 2023110923. --><meta name="wh-path2root" content="../../../"/><meta name="wh-toc-id" content="id-d5856e1842"/><meta name="wh-source-relpath" content="topics/sdk/secure/spienc_function_d12x.dita"/><meta name="wh-out-relpath" content="topics/sdk/secure/spienc_function_d12x.html"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/commons.css?buildId=2023110923"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/topic.css?buildId=2023110923"/>
<script src="../../../webhelp/app/options/properties.js?buildId=20250121171154"></script>
<script src="../../../webhelp/app/localization/strings.js?buildId=2023110923"></script>
<script src="../../../webhelp/app/search/index/keywords.js?buildId=20250121171154"></script>
<script defer="defer" src="../../../webhelp/app/commons.js?buildId=2023110923"></script>
<script defer="defer" src="../../../webhelp/app/topic.js?buildId=2023110923"></script>
<link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-styles-web.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/notes.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-common.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-images.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/footnote.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-web-watermark.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/topic-body-list.css?buildId=2023110923"/></head>
<body id="id" class="wh_topic_page frmBody">
<a href="#wh_topic_body" class="sr-only sr-only-focusable">
跳转到主要内容
</a>
<header class="navbar navbar-default wh_header">
<div class="container-fluid">
<div class="wh_header_flex_container navbar-nav navbar-expand-md navbar-dark">
<div class="wh_logo_and_publication_title_container">
<div class="wh_logo_and_publication_title">
<a href="http://www.artinchip.com" class=" wh_logo d-none d-sm-block "><img src="../../../company-logo-white.png" alt="RTOS SDK 使用指南SDK 指南文件"/></a>
<div class=" wh_publication_title "><a href="../../../index.html"><span class="booktitle"><span class="ph mainbooktitle">RTOS SDK 使用指南</span><span class="ph booktitlealt">SDK 指南文件</span></span></a></div>
</div>
</div>
<div class="wh_top_menu_and_indexterms_link collapse navbar-collapse" id="wh_top_menu_and_indexterms_link">
</div>
</div>
</div>
</header>
<div class=" wh_search_input navbar-form wh_topic_page_search search " role="form">
<form id="searchForm" method="get" role="search" action="../../../search.html"><div><input type="search" placeholder="搜索 " class="wh_search_textfield" id="textToSearch" name="searchQuery" aria-label="搜索查询" required="required"/><button type="submit" class="wh_search_button" aria-label="搜索"><span class="search_input_text">搜索</span></button></div></form>
</div>
<div class="container-fluid" id="wh_topic_container">
<div class="row">
<nav class="wh_tools d-print-none navbar-expand-md" aria-label="Tools">
<div data-tooltip-position="bottom" class=" wh_breadcrumb "><ol class="d-print-none"><li><span class="home"><a href="../../../index.html"><span>主页</span></a></span></li><li><div class="topicref" data-id="concept_rcx_czh_pzb"><div class="title"><a href="../../../topics/sdk/chapter-app.html">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div></li><li><div class="topicref" data-id="id"><div class="title"><a href="../../../topics/sdk/secure/chapter-secure.html">安全方案</a></div></div></li><li class="active"><div class="topicref" data-id="id"><div class="title"><a href="../../../topics/sdk/secure/spienc_function_d12x.html">防抄板-SPIENC-D12x</a></div></div></li></ol></div>
<div class="wh_right_tools">
<button class="wh_hide_highlight" aria-label="切换搜索突出显示" title="切换搜索突出显示"></button>
<button class="webhelp_expand_collapse_sections" data-next-state="collapsed" aria-label="折叠截面" title="折叠截面"></button>
<div class=" wh_navigation_links "><span id="topic_navigation_links" class="navheader">
<span class="navprev"><a class="- topic/link link" href="../../../topics/sdk/secure/hw_authorization.html" title="硬件授权认证" aria-label="上一主题: 硬件授权认证" rel="prev"></a></span>
<span class="navnext"><a class="- topic/link link" href="../../../topics/sdk/secure/spienc_function_d13x.html" title="防抄板-SPIENC-D13x" aria-label="下一主题: 防抄板-SPIENC-D13x" rel="next"></a></span> </span></div>
<div class=" wh_print_link print d-none d-md-inline-block "><button onClick="window.print()" title="打印此页" aria-label="打印此页"></button></div>
<button type="button" id="wh_toc_button" class="custom-toggler navbar-toggler collapsed wh_toggle_button navbar-light" aria-expanded="false" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc">
<span class="navbar-toggler-icon"></span>
</button>
</div>
</nav>
</div>
<div class="wh_content_area">
<div class="row">
<nav id="wh_publication_toc" class="col-lg-3 col-md-3 col-sm-12 d-md-block d-none d-print-none" aria-label="Table of Contents Container">
<div id="wh_publication_toc_content">
<div class=" wh_publication_toc " data-tooltip-position="right"><span class="expand-button-action-labels"><span id="button-expand-action" role="button" aria-label="Expand"></span><span id="button-collapse-action" role="button" aria-label="Collapse"></span><span id="button-pending-action" role="button" aria-label="Pending"></span></span><ul role="tree" aria-label="Table of Contents"><li role="treeitem"><div data-tocid="revinfo_linux-d5856e989" class="topicref" data-id="revinfo_linux" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/revinfo/revinfo_rtos.html" id="revinfo_linux-d5856e989-link">修订记录</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1003" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1003-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/env/sdk-compile.html" id="id-d5856e1003-link">SDK 编译</a><div class="wh-tooltip"><p class="shortdesc">介绍不同编译环境下 SDK 的详细编译流程。</p></div></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1152" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1152-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/advanced/sdk-usage.html" id="id-d5856e1152-link">使用指南</a><div class="wh-tooltip"><p class="shortdesc">系统镜像、编译选项、开发板、应用等相关的详细使用说明。</p></div></div></div></li><li role="treeitem" aria-expanded="true"><div data-tocid="concept_rcx_czh_pzb-d5856e1416" class="topicref" data-id="concept_rcx_czh_pzb" data-state="expanded"><span role="button" tabindex="0" aria-labelledby="button-collapse-action concept_rcx_czh_pzb-d5856e1416-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/chapter-app.html" id="concept_rcx_czh_pzb-d5856e1416-link">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div><ul role="group" class="navbar-nav nav-list"><li role="treeitem"><div data-tocid="id-d5856e1431" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/usb/udisk.html" id="id-d5856e1431-link">挂载 U 盘 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1443" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/sdmc/sdcard.html" id="id-d5856e1443-link">挂载 SD 卡</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1455" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1455-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/burnsys/burnsys_user_guide.html" id="id-d5856e1455-link">系统更新</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1553" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1553-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/ota/ota_guide.html" id="id-d5856e1553-link">OTA 方案</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1657" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1657-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/xip/xip_user_guide.html" id="id-d5856e1657-link">XIP 方案 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1734" class="topicr
</div>
</nav>
<div class="col-lg-7 col-md-9 col-sm-12" id="wh_topic_body">
<button id="wh_close_publication_toc_button" class="close-toc-button d-none" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<button id="wh_close_topic_toc_button" class="close-toc-button d-none" aria-label="Toggle topic table of content" aria-controls="wh_topic_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<div class=" wh_topic_content body "><main role="main"><article class="- topic/topic topic" role="article" aria-labelledby="ariaid-title1"><span class="edit-link" style="font-size:12px; opacity:0.6; text-align:right; vertical-align:middle"><a target="_blank" href="http://172.16.35.88/tasks/jdssno1uvvbf2mltu9kb9v3if05d5gopuakboe8hlud18rma/edit/F:/aicdita/aicdita-cn/topics/sdk/secure/spienc_function_d12x.dita">Edit online</a></span><h1 class="- topic/title title topictitle1" id="ariaid-title1">防抄板-SPIENC-D12x</h1><div class="date inPage">15 Jan 2024</div><div style="color: gray;">
Read time: 9 minute(s)
</div><div class="- topic/body body"><section class="- topic/section section" id="id__section_sw1_bvp_pdc" data-ofbid="id__section_sw1_bvp_pdc"><h2 class="- topic/title title sectiontitle">应用场景</h2>
<p class="- topic/p p" data-ofbid="d79035e26__20250121171525"> 本方案针对下列使用场景:</p>
<ul class="- topic/ul ul simple" id="id__ul_an4_dp4_fdc" data-ofbid="id__ul_an4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e30__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e32__20250121171525">方案商提供主控芯片和开发好的固件给第三方生产商 生产, 方案商对自己的固件进行保护</p>
</li><li class="- topic/li li" data-ofbid="d79035e35__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e37__20250121171525">方案商开发了包含某一功能的固件</p>
</li><li class="- topic/li li" data-ofbid="d79035e40__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e42__20250121171525">生产商不进行开发,而使用方案商提供的固件</p>
</li><li class="- topic/li li" data-ofbid="d79035e45__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e47__20250121171525">方案商为了保护自己的固件,会要求自己的固件只能在方案商授权的主控芯片上运行</p>
</li><li class="- topic/li li" data-ofbid="d79035e50__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e52__20250121171525">他人不能通过拷贝 SPI NOR 上的固件在不经 <code class="+ topic/ph pr-d/codeph ph codeph">方案商</code> 授权的主控芯片上运行</p>
</li></ul>
</section><section class="- topic/section section" id="id__id2" data-ofbid="id__id2"><h2 class="- topic/title title sectiontitle">方案介绍</h2>
<div class="- topic/div div">
<p class="- topic/p p" id="id__p_ppw_qsd_jdc" data-ofbid="id__p_ppw_qsd_jdc">本方案通过使用 AIC 主控的 SPIENC
总线加密功能以及安全启动功能来实现防抄板,结合实际使用的需求,提供对应的软件方案。</p>
<div class="- topic/div div" id="id__div_v32_nsd_jdc"><strong class="+ topic/ph hi-d/b ph b">SPIENC 总线加密</strong><p class="- topic/p p" data-ofbid="d79035e72__20250121171525">SPIENC 总线加密功能是一个芯片硬件支持的安全功能,芯片使能了
SPIENC 后,内部的 SPIENC 模块对 SPI 总线上传输的数据进行实时的加密或解密,即对写出去的数据进行 AES 加密,读回来的数据进行
AES 解密, 使得保存在 Flash 上的数据总是密文。</p><p class="- topic/p p" data-ofbid="d79035e74__20250121171525">SPIENC 进行加解密时,使用芯片 eFuse
中特定密钥区域中的密钥对数据进行加密和解密,该密钥区域可以做到烧录后 CPU 不可读写,在芯片内部也仅有 SPIENC
模块能够访问,因此可以做到硬件安全保密。</p><div class="- topic/p p" data-ofbid="d79035e76__20250121171525">启用 SPIENC 的工作为:<ul class="- topic/ul ul simple" id="id__ul_bn4_dp4_fdc" data-ofbid="id__ul_bn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e79__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e81__20250121171525"> 在芯片中烧录特有的的 AES 密钥,并且将相关密钥区域设置为仅 SPIENC 可访问。</p>
</li><li class="- topic/li li" data-ofbid="d79035e84__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e86__20250121171525"> 提供对应的加密固件。</p>
</li><li class="- topic/li li" data-ofbid="d79035e89__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e91__20250121171525">对 AES 密钥进行妥善管理,防止泄露。</p>
</li></ul></div><p class="- topic/p p" data-ofbid="d79035e94__20250121171525">此时芯片和对应的固件就被绑定在一起,提供出去的固件,只能运行在烧录了对应加密密钥的芯片上;
烧录了密钥的芯片,也只能运行使用对应密钥加密后的固件。</p></div>
</div>
</section><section class="- topic/section section" id="id__section_gvt_wvp_pdc" data-ofbid="id__section_gvt_wvp_pdc"><h2 class="- topic/title title sectiontitle">开启防抄板功能</h2>
<div class="- topic/div div" id="id__div_zxc_55d_jdc">
<p class="- topic/p p" data-ofbid="d79035e105__20250121171525">如需开启防抄版功能,执行下列步骤:</p>
<ol class="- topic/ol ol simple" id="id__ul_cn4_dp4_fdc" data-ofbid="id__ul_cn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e109__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e111__20250121171525">编译一个烧录 eFuse 的 BootLoader该固件只完成对出货的芯片烧录相关的 eFuse 和密钥,并使能 SPIENC
和安全启动功能</p>
<div class="- topic/p p" data-ofbid="d79035e114__20250121171525">通过运行特定 eFuse 烧录程序,对芯片进行 eFuse 烧录。<ol class="- topic/ol ol simple" type="a" id="id__ul_dn4_dp4_fdc" data-ofbid="id__ul_dn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e117__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e119__20250121171525">通过修改 BootLoader 的代码,将烧录 eFuse 的程序集成到 BootLoader 中。</p>
</li><li class="- topic/li li" data-ofbid="d79035e122__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e124__20250121171525"><a class="- topic/xref xref" href="../../../reusables/reused-topics/../../topics/sdk/secure/spienc_function_d12x.html#id__section_bmh_mq4_fdc">编译生成烧录 eFuse 专用的固件。</a></p>
</li><li class="- topic/li li" data-ofbid="d79035e129__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e131__20250121171525">上电刷机, BootLoader 程序会仅烧录对应的 eFuse 域成功后退出。</p>
</li><li class="- topic/li li" data-ofbid="d79035e134__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e136__20250121171525">可以用 AiBurn 刷机,也可以用 SD 卡等存储介质刷机。</p>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d79035e140__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e142__20250121171525">编译一个进行了加密的<a class="- topic/xref xref" href="../../../reusables/reused-topics/../../topics/sdk/secure/spienc_function_d12x.html#id__section_m1w_mq4_fdc">量产固件</a>,该量产固件可以发放给生产商。</p>
</li><li class="- topic/li li" data-ofbid="d79035e149__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e151__20250121171525">生产商使用方案商提供的主控进行生产,烧录方案商提供的固件。</p>
</li></ol>
</div>
</section><section class="- topic/section section" id="id__section_bmh_mq4_fdc" data-ofbid="id__section_bmh_mq4_fdc"><h2 class="- topic/title title sectiontitle">生成 eFuse 烧录固件</h2>
<div class="- topic/div div">
<p class="- topic/p p" data-ofbid="d79035e163__20250121171525">使用 SPIENC 加密功能,需要用到一个 128 位的 AES 密钥,并将其烧录到芯片 eFuse
中。在制作加密镜像时,也需要使用密钥,因此确保密钥保持不变且已妥善管理, 以免泄露。</p>
<div class="- topic/div div">
<div class="- topic/p p" data-ofbid="d79035e168__20250121171525">本节以 d12x_demo66-nor 开发板为例,描述了生成 eFuse 烧录程序的详细流程。在示例方案中,提供了下列用于生成密钥的脚本:<ul class="- topic/ul ul" id="id__ul_hnm_l42_jdc" data-ofbid="id__ul_hnm_l42_jdc"><li class="- topic/li li" data-ofbid="d79035e171__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e173__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">lite/target/d12x/demo68-nor/pack/keys/gen_spienc_key.sh</span></p>
</li></ul></div>
</div>
</div>
<div class="- topic/div div section" id="id__efuse">执行下列步骤,可以生成 eFuse 烧录程序:<ol class="- topic/ol ol" id="id__ol_b5f_vq4_fdc" data-ofbid="id__ol_b5f_vq4_fdc"><li class="- topic/li li" data-ofbid="d79035e183__20250121171525">
<div class="- topic/div div section" id="id__id4">
<strong class="+ topic/ph hi-d/b ph b">生成密钥</strong>
<div class="- topic/p p" data-ofbid="d79035e190__20250121171525">根据运行环境执行对应命令,运行生成密钥的脚本:<ul class="- topic/ul ul" id="id__ul_pwh_3vd_jdc" data-ofbid="id__ul_pwh_3vd_jdc"><li class="- topic/li li" data-ofbid="d79035e193__20250121171525"><strong class="+ topic/ph hi-d/b ph b">Linux 环境</strong>下:<ol class="- topic/ol ol" type="a" id="id__ol_mp2_s42_jdc" data-ofbid="id__ol_mp2_s42_jdc"><li class="- topic/li li" data-ofbid="d79035e199__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e201__20250121171525">确保已经安装 OpenSSL。如未安装可执行以下命令进行安装</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_x1g_s42_jdc" data-ofbid="id__pre_x1g_s42_jdc">sudo apt-get install openssl</pre>
</li><li class="- topic/li li" data-ofbid="d79035e207__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e209__20250121171525">使用下列命令运行脚本生成所需的密钥文件和头文件:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_ifx_lr2_jdc" data-ofbid="id__codeblock_ifx_lr2_jdc">cd <var class="+ topic/keyword sw-d/varname keyword varname">SDK_ROOT</var>/lite/target/d12x/demo66-nor/pack/keys/
./gen_spienc_key.sh</pre></div>
<div class="- topic/p p" data-ofbid="d79035e217__20250121171525">生成的文件如下所示:<ul class="- topic/ul ul" id="id__ul_ovx_n52_jdc" data-ofbid="id__ul_ovx_n52_jdc"><li class="- topic/li li" data-ofbid="d79035e220__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e222__20250121171525">AES 密钥 <span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span></p>
</li><li class="- topic/li li" data-ofbid="d79035e227__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e229__20250121171525">对应的 C 语言头文件
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span></p>
</li></ul></div>
</li><li class="- topic/li li" data-ofbid="d79035e235__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e237__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span> 文件复制粘贴至
<span class="+ topic/ph sw-d/filepath ph filepath">lite/bsp/examples_bare/test-efuse/</span>
目录中,供编译烧录 eFuse 的程序时使用。</p>
<p class="- topic/p p" data-ofbid="d79035e246__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span> 则保留在
<span class="+ topic/ph sw-d/filepath ph filepath">lite/target/d12x/demo66-nor/pack/keys/</span>,在
<span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span> 生成加密固件时使用。</p>
<div class="- topic/note note important note_important" id="id__note_y45_1p2_jdc" data-ofbid="id__note_y45_1p2_jdc"><span class="note__title">重要:</span>
生成的密钥请妥善保管,以免丢失或者泄露。</div>
</li></ol></li><li class="- topic/li li" data-ofbid="d79035e260__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e262__20250121171525"><strong class="+ topic/ph hi-d/b ph b">Windows 环境</strong> 下:</p>
<div class="- topic/p p" data-ofbid="d79035e268__20250121171525">
<ol class="- topic/ol ol arabic simple" type="a" id="id__ol_in4_dp4_fdc" data-ofbid="id__ol_in4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e271__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e273__20250121171525">运行脚本生成一个 AES 密钥
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span>,并且生成对应的 C 语言头文件
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_ub5_jp2_jdc" data-ofbid="id__codeblock_ub5_jp2_jdc">cd <var class="+ topic/keyword sw-d/varname keyword varname">SDK_ROOT</var>/lite/target/d12x/demo66-nor/pack/keys/
./gen_spienc_key.sh</pre><dl class="- topic/dl dl" id="id__dl_vb5_jp2_jdc" data-ofbid="id__dl_vb5_jp2_jdc"><dt class="- topic/dt dt dlterm" data-ofbid="d79035e288__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span>:</dt><dd class="- topic/dd dd">
<p class="- topic/p p" data-ofbid="d79035e294__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span>
生成加密固件时使用。</p>
</dd><dt class="- topic/dt dt dlterm" data-ofbid="d79035e301__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span>:</dt><dd class="- topic/dd dd">
<p class="- topic/p p" data-ofbid="d79035e307__20250121171525">复制到
<span class="+ topic/ph sw-d/filepath ph filepath">lite/bsp/examples_bare/test-efuse/spi_aes_key.h</span></p>
<p class="- topic/p p" data-ofbid="d79035e312__20250121171525">在编译烧录 eFuse 的程序时使用。</p>
</dd></dl></div>
<div class="- topic/note note important note_important" id="id__note_wb5_jp2_jdc" data-ofbid="id__note_wb5_jp2_jdc"><span class="note__title">重要:</span>
生成的密钥请妥善保管,以免丢失或者泄露。</div>
</li><li class="- topic/li li" data-ofbid="d79035e319__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e321__20250121171525">将下列文件复制到 Windows 的 SDK 目录:<ul class="- topic/ul ul" id="id__ul_ilj_dq2_jdc" data-ofbid="id__ul_ilj_dq2_jdc"><li class="- topic/li li" data-ofbid="d79035e324__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e326__20250121171525">
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d12x/demo66-nor/pack/keys/</span>
复制到 Window SDK 对应目录中。</p>
</li><li class="- topic/li li" data-ofbid="d79035e332__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e334__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">keys</span> 下的
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span> 文件复制粘贴至
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/bsp/examples_bare/test-efuse/spi_aes_key.h</span>
目录中。</p>
</li></ul></div>
</li></ol>
</div>
</li></ul></div></div>
</li><li class="- topic/li li" data-ofbid="d79035e350__20250121171525">
<div class="- topic/div div section" id="id__id5">
<strong class="+ topic/ph hi-d/b ph b">编译程序</strong>
<p class="- topic/p p" data-ofbid="d79035e357__20250121171525">按照以下步骤配置和编译 BootLoader并生成烧录固件。</p><ol class="- topic/ol ol" type="a" id="id__ol_b3x_nv2_jdc" data-ofbid="id__ol_b3x_nv2_jdc"><li class="- topic/li li" data-ofbid="d79035e360__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e362__20250121171525">应用 BootLoader 的配置:</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_jn4_dp4_fdc" data-ofbid="id__pre_jn4_dp4_fdc">cd &lt;SDK_ROOT&gt;
scons --apply-def d12x_demo66-nor_baremetal_bootloader_defconfig</pre>
</li><li class="- topic/li li" data-ofbid="d79035e368__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e370__20250121171525">打开 BootLoader 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_kn4_dp4_fdc" data-ofbid="id__pre_kn4_dp4_fdc">scons --menuconfig
</pre></div>
</li><li class="- topic/li li" data-ofbid="d79035e375__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e377__20250121171525">勾选或确认已勾选下列选项:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_ln4_dp4_fdc" data-ofbid="id__pre_ln4_dp4_fdc">AIC_USING_SID
AIC_SID_BARE_TEST
AIC_USING_SPIENC
AIC_SPIENC_BYPASS_IN_UPGMODE
</pre></div>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_mn4_dp4_fdc" data-ofbid="id__pre_mn4_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Bypass during bootloader burn image
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
[*] Using Efuse/SID
</pre>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_nn4_dp4_fdc" data-ofbid="id__pre_nn4_dp4_fdc">Drivers options ---&gt;
Drivers examples ---&gt;
[*] Enable SID driver test command
</pre>
</li><li class="- topic/li li" data-ofbid="d79035e388__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e390__20250121171525">修改代码使能 SPIENC</p>
<ul class="- topic/ul ul" id="id__ul_zcv_1w2_jdc" data-ofbid="id__ul_zcv_1w2_jdc"><li class="- topic/li li" data-ofbid="d79035e394__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e396__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bsp/examples_bare/test-efuse/efuse_burn_spienc_key_cmd.c</span></p>
<p class="- topic/p p" data-ofbid="d79035e401__20250121171525">使能文件开头的
<span class="+ topic/keyword pr-d/parmname keyword parmname">D12X_BURN_SPIENC_KEY_ENABLE</span>
定义。</p>
<div class="- topic/note note note note_note" id="id__note_lwf_5v2_jdc" data-ofbid="id__note_lwf_5v2_jdc"><span class="note__title">注:</span>
<p class="- topic/p p" data-ofbid="d79035e409__20250121171525">如果不需要关闭 JTAG可以将
<span class="+ topic/keyword pr-d/apiname keyword apiname">burn_jtag_lock_bit()</span>
相关的调用注释掉。</p>
</div>
</li><li class="- topic/li li" data-ofbid="d79035e416__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e418__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">application/baremetal/bootloader/main.c</span>:</p>
<div class="- topic/p p" data-ofbid="d79035e423__20250121171525"><code class="+ topic/ph pr-d/codeph ph codeph">console_set_usrname</code>
之后,添加上一个命令执行代码,<code class="+ topic/ph pr-d/codeph ph codeph">console_run_cmd(“efuse_spienc”);</code>
如下所示。<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_uts_cw2_jdc" data-ofbid="id__codeblock_uts_cw2_jdc"><strong class="hl-keyword">int</strong> main(<strong class="hl-keyword">void</strong>)
{
console_init();
console_set_usrname(<span class="hl-string">"aic"</span>);
console_run_cmd(<span class="hl-string">"efuse_spienc"</span>); <em class="hl-comment">// 加上此句</em>
...
}</pre></div>
</li></ul>
</li><li class="- topic/li li" data-ofbid="d79035e435__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e437__20250121171525">执行下列命令编译程序
BootLoader:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_rn4_dp4_fdc" data-ofbid="id__pre_rn4_dp4_fdc">scons</pre></div>
</li><li class="- topic/li li" data-ofbid="d79035e442__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e444__20250121171525">编译程序 APP
并且生成烧录固件:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_sn4_dp4_fdc" data-ofbid="id__pre_sn4_dp4_fdc">scons --apply-def=d12x_demo66-nor_rt-thread_helloworld_defconfig
</pre><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_r2v_m5p_pdc" data-ofbid="id__codeblock_r2v_m5p_pdc">scons
</pre></div>
<p class="- topic/p p" data-ofbid="d79035e451__20250121171525"> 编译结果保存在
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/output/d12x_demo66-nor_rt-thread_helloworld/images</span>
目录中。</p>
</li></ol>
</div>
</li><li class="- topic/li li" data-ofbid="d79035e459__20250121171525">
<div class="- topic/div div section" id="id__aiburn">
<strong class="+ topic/ph hi-d/b ph b">AiBurn 卡烧录</strong><p class="- topic/p p" data-ofbid="d79035e465__20250121171525">使用 AiBurn 烧录
<span class="+ topic/ph sw-d/filepath ph filepath">outputd12x_demo68-nor_rt-thread_helloworldimagesd12x_demo68-nor_v1.0.0.img</span>
固件。</p>
</div>
</li><li class="- topic/li li" data-ofbid="d79035e472__20250121171525">
<div class="- topic/div div section" id="id__sd">
<strong class="+ topic/ph hi-d/b ph b">SD 卡烧录</strong>
<p class="- topic/p p" data-ofbid="d79035e479__20250121171525">准备一张 SD 卡,确保该卡只有一个分区,并且格式化为 FAT32/ exFAT 文件系统。</p><p class="- topic/p p" data-ofbid="d79035e481__20250121171525"> 将编译输出目录下的文件复制到
SD 卡的根目录:</p><ul class="- topic/ul ul simple" id="id__ul_vn4_dp4_fdc" data-ofbid="id__ul_vn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e484__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e486__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span></p>
</li><li class="- topic/li li" data-ofbid="d79035e490__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e492__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootloader.aic</span></p>
</li></ul><p class="- topic/p p" data-ofbid="d79035e496__20250121171525">并且将 <span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>
中的内容修改为:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_wn4_dp4_fdc" data-ofbid="id__pre_wn4_dp4_fdc">boot0=bootloader.aic
</pre><p class="- topic/p p" data-ofbid="d79035e503__20250121171525">将该卡插到板卡中,上电运行,即可完成相关 eFuse 的烧录。</p></div>
</li></ol></div>
</section><section class="- topic/section section" id="id__section_m1w_mq4_fdc" data-ofbid="id__section_m1w_mq4_fdc"><h2 class="- topic/title title sectiontitle">量产固件</h2>
<div class="- topic/p p" data-ofbid="d79035e512__20250121171525">
<div class="- topic/div div section" id="id__id6">
<div class="- topic/p p" data-ofbid="d79035e516__20250121171525"> 编译加密的量产固件,分为几个步骤:<ol class="- topic/ol ol" id="id__ol_hgj_yq4_fdc" data-ofbid="id__ol_hgj_yq4_fdc"><li class="- topic/li li" data-ofbid="d79035e519__20250121171525">
<div class="- topic/div div section" id="id__bootloader">
<strong class="+ topic/ph hi-d/b ph b">Boot Loader 配置</strong>
<ol class="- topic/ol ol" type="a" id="id__ol_uqj_2wp_pdc" data-ofbid="id__ol_uqj_2wp_pdc"><li class="- topic/li li" data-ofbid="d79035e527__20250121171525">进入 SDK
根目录:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_f44_dp4_fdc" data-ofbid="id__pre_f44_dp4_fdc">cd &lt;SDK_ROOT&gt;</pre></li><li class="- topic/li li" data-ofbid="d79035e531__20250121171525">在 SDK
根目录,执行下列命令:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_zn4_dp4_fdc" data-ofbid="id__pre_zn4_dp4_fdc">scons --apply-def=d12x_demo66-nor_baremetal_bootloader_defconfig
</pre></li><li class="- topic/li li" data-ofbid="d79035e535__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e537__20250121171525">打开 Boot Loader 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_a44_dp4_fdc" data-ofbid="id__pre_a44_dp4_fdc">scons --menuconfig
</pre></div>
</li><li class="- topic/li li" data-ofbid="d79035e542__20250121171525"><p class="- topic/p p" data-ofbid="d79035e543__20250121171525">勾选或确认已勾选下列选项:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_b44_dp4_fdc" data-ofbid="id__pre_b44_dp4_fdc">AIC_USING_SPIENC
AIC_SPIENC_BYPASS_IN_UPGMODE
</pre>配置界面示例:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_c44_dp4_fdc" data-ofbid="id__pre_c44_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Bypass during bootloader burn image
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
[*] Using Efuse/SID
</pre><div class="- topic/note note note note_note" id="id__note_ts1_ghf_jdc" data-ofbid="id__note_ts1_ghf_jdc"><span class="note__title">注:</span>
<p class="- topic/p p" data-ofbid="d79035e552__20250121171525">编译量产固件时,需将编译烧录 eFuse 程序时的代码修改还原。</p>
</div></li><li class="- topic/li li" data-ofbid="d79035e555__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e557__20250121171525">在正式发布的固件中,建议删除下列功能,防止攻击者通过控制台读出 Flash 中的数据:
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_d44_dp4_fdc" data-ofbid="id__pre_d44_dp4_fdc">AIC_BOOTLOADER_CMD_MTD
AIC_MTD_BARE_TEST
</pre></div>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_e44_dp4_fdc" data-ofbid="id__pre_e44_dp4_fdc">BootLoader options ---&gt;
Commands ---&gt;
[ ] mtd read/write
Drivers options ---&gt;
Drivers examples ---&gt;
[ ] Enable MTD driver test command
</pre>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d79035e566__20250121171525">
<div class="- topic/div div section" id="id__id7">
<strong class="+ topic/ph hi-d/b ph b">应用程序配置</strong>
<ol class="- topic/ol ol" type="a" id="id__ol_yjd_kwp_pdc" data-ofbid="id__ol_yjd_kwp_pdc"><li class="- topic/li li" data-ofbid="d79035e574__20250121171525">进入 SDK
根目录:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_yjf_lwp_pdc" data-ofbid="id__codeblock_yjf_lwp_pdc">cd &lt;SDK_ROOT&gt;</pre></li><li class="- topic/li li" data-ofbid="d79035e578__20250121171525">在 SDK
根目录,执行下列命令:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_wn2_3gp_pdc" data-ofbid="id__codeblock_wn2_3gp_pdc">scons --apply-def=d12x_demo66-nor_rt-thread_helloworld_defconfig
</pre></li><li class="- topic/li li" data-ofbid="d79035e582__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e584__20250121171525">打开 Application 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_g44_dp4_fdc" data-ofbid="id__pre_g44_dp4_fdc">scons --menuconfig</pre></div>
</li><li class="- topic/li li" data-ofbid="d79035e589__20250121171525">
<div class="- topic/p p" data-ofbid="d79035e591__20250121171525">勾选或确认已勾选下列选项:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_h44_dp4_fdc" data-ofbid="id__pre_h44_dp4_fdc">AIC_USING_SPIENC</pre><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_i44_dp4_fdc" data-ofbid="id__pre_i44_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
</pre></div>
</li><li class="- topic/li li" data-ofbid="d79035e598__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e600__20250121171525">在正式版本的固件中,建议删除
<span class="+ topic/ph sw-d/filepath ph filepath">kernel/rt-thread/components/drivers/spi/spi_flash_sfud.c</span>中的
<span class="+ topic/keyword sw-d/cmdname keyword cmdname">sf</span> 命令,防攻击者通过控制台读出 Flash
中的数据。</p>
<div class="- topic/p p" data-ofbid="d79035e609__20250121171525">宏 RT_USING_FINSH
包住的内容:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_k44_dp4_fdc" data-ofbid="id__pre_k44_dp4_fdc">#<strong class="hl-keyword">if</strong> defined(RT_USING_FINSH)...#endif</pre></div>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d79035e615__20250121171525">
<div class="- topic/div div section" id="id__id8"><strong class="+ topic/ph hi-d/b ph b">固件签名加密</strong>
<p class="- topic/p p" data-ofbid="d79035e621__20250121171525">配置
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d12x_demo66-nor/pack/image_cfg.json</span>
文件生成签名加密固件。</p></div>
</li><li class="- topic/li li" data-ofbid="d79035e627__20250121171525">
<div class="- topic/div div section" id="id__id10">
<strong class="+ topic/ph hi-d/b ph b">对组件进行加密</strong>
<p class="- topic/p p" data-ofbid="d79035e634__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span> 的 “temporary” 或
“pre-process” 对象的最后,添加 “spienc” 对象配置。</p><p class="- topic/p p" data-ofbid="d79035e639__20250121171525">此处使用到的 AES
加密密钥,即为
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d12x/demo66-nor/pack/keys/</span>
文件目录中生成的密钥。</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_o44_dp4_fdc" data-ofbid="id__pre_o44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
...
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
...
},
<span class="hl-string">"pre-process"</span>: { <em class="hl-comment">// before v1.0.6 is the name "temporary"</em>
<span class="hl-string">"spienc"</span>: {
<span class="hl-string">"bootloader.aic.enc"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic"</span>, <em class="hl-comment">// File to be encrypted</em>
<span class="hl-string">"address"</span>: <span class="hl-string">"0x0"</span>, <em class="hl-comment">// Flash start address file to be stored</em>
<span class="hl-string">"key"</span>: <span class="hl-string">"keys/spi_aes.key"</span>, <em class="hl-comment">// Keys the same in eFuse</em>
<span class="hl-string">"tweak"</span>: <span class="hl-string">"0"</span>,
},
<span class="hl-string">"d12x_os.itb.enc"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"d12x_os.itb"</span>, <em class="hl-comment">// File to be encrypted</em>
<span class="hl-string">"address"</span>: <span class="hl-string">"0x40000"</span>, <em class="hl-comment">// Flash start address file to be stored</em>
<span class="hl-string">"key"</span>: <span class="hl-string">"keys/spi_aes.key"</span>, <em class="hl-comment">// Keys the same in eFuse</em>
<span class="hl-string">"tweak"</span>: <span class="hl-string">"0"</span>,
},
...
},
},
}</pre><p class="- topic/p p" data-ofbid="d79035e650__20250121171525">上述配置中,配置了一组需要使用 “spienc” 工具进行加密的组件,其中 生成
bootloader.aic.enc 组件的配置参数为:</p><ul class="- topic/ul ul simple" id="id__ul_q44_dp4_fdc" data-ofbid="id__ul_q44_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e653__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e655__20250121171525">file: 加密的源文件,此处为前面生成的 bootloader.aic 文件</p>
</li><li class="- topic/li li" data-ofbid="d79035e658__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e660__20250121171525">address: 是加密后的文件,存放在 Flash
的开始位置,这里应根据前面的分区表信息计算得到</p>
</li><li class="- topic/li li" data-ofbid="d79035e663__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e665__20250121171525">key: 使用的加密密钥</p>
</li><li class="- topic/li li" data-ofbid="d79035e668__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e670__20250121171525">nonce: 使用的加密 Nonce 值</p>
</li><li class="- topic/li li" data-ofbid="d79035e673__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e675__20250121171525">tweak: 该值不需要配置,保持为 0 即可</p>
</li></ul><p class="- topic/p p" data-ofbid="d79035e678__20250121171525">
<strong class="+ topic/ph hi-d/b ph b">对于一个或者多个需要进行加密的组件,都应按照上述方式进行配置。</strong>
</p><p class="- topic/p p" data-ofbid="d79035e683__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span> 工具在读取
<span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span> 文件时,逐个处理放在 “spienc”
中的配置,生成对应的加密组件,然后再进行打包。</p><div class="- topic/note note important note_important" id="id__note_byt_l3q_3dc" data-ofbid="id__note_byt_l3q_3dc"><span class="note__title">重要:</span>
<p class="- topic/p p" data-ofbid="d79035e692__20250121171525">“spienc” 字段应放在 “temporary”/”pre-process” 的最后,因为 “spienc”
处理时可能需要依赖前面配置生成的文件比如”aicboot”。</p>
<p class="- topic/p p" data-ofbid="d79035e695__20250121171525">配置加密时address 需要填写正确,不然加密结果会不正确。</p>
</div></div>
</li><li class="- topic/li li" data-ofbid="d79035e699__20250121171525">
<div class="- topic/div div section" id="id__id11">
<strong class="+ topic/ph hi-d/b ph b">配置烧录加密组件</strong><p class="- topic/p p" data-ofbid="d79035e705__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span>
中配置下列参数,打包加密组件:</p><ol class="- topic/ol ol arabic simple" type="a" id="id__ol_s44_dp4_fdc" data-ofbid="id__ol_s44_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e711__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e713__20250121171525">updater 中打包的程序,应为非加密程序</p>
<p class="- topic/p p" data-ofbid="d79035e716__20250121171525">updater 中配置的参数,都不是 <span class="+ topic/ph sw-d/filepath ph filepath">.enc</span>
结尾的组件</p>
</li><li class="- topic/li li" data-ofbid="d79035e722__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e724__20250121171525">target 中打包的程序和数据,应为加密后的程序</p>
<p class="- topic/p p" data-ofbid="d79035e727__20250121171525">target 中配置的参数,都是 <span class="+ topic/ph sw-d/filepath ph filepath">.enc</span> 结尾的组件</p>
</li></ol><div class="- topic/p p" data-ofbid="d79035e733__20250121171525">生成加密组件之后,需要打包加密组件,以适配使用 SD 卡烧录加密固件的要求。<ul class="- topic/ul ul arabic simple" id="id__ol_u44_dp4_fdc" data-ofbid="id__ol_u44_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e736__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e738__20250121171525">SD 卡启动时,首先运行 updater 中的程序,进入烧录模式。此时由于数据是从 SD
卡加载的,不能为加密程序,否则无法正常执行</p>
</li><li class="- topic/li li" data-ofbid="d79035e741__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e743__20250121171525">target 中打包的程序是要烧录到 Flash
的数据,如果不加密,则无法起到保护的作用,因此需要打包加密后的组件</p>
</li></ul></div><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_x44_dp4_fdc" data-ofbid="id__pre_x44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
<span class="hl-string">"psram"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"uartupg-psram-init.aic"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"required"</span>, <span class="hl-string">"run"</span>],
<span class="hl-string">"ram"</span>: <span class="hl-string">"0x30043000"</span>
},
<span class="hl-string">"spl"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"required"</span>, <span class="hl-string">"run"</span>],
<span class="hl-string">"ram"</span>: <span class="hl-string">"0x40100000"</span>
},
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
<span class="hl-string">"spl"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"required"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"spl"</span>]
},
<span class="hl-string">"os"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"d12x_os.itb.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"required"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"os"</span>]
},
<span class="hl-string">"rodata"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"rodata.fatfs.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"optional"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"rodata"</span>]
},
<span class="hl-string">"data"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"data.lfs.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"optional"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"data"</span>]
},
},
<span class="hl-string">"pre-process"</span>: { <em class="hl-comment">// before v1.0.6 is the name "temporary"</em>
...
},
}</pre>
</div>
</li></ol></div>
</div>
</div>
</section><section class="- topic/section section" id="id__section_dwt_zp4_fdc" data-ofbid="id__section_dwt_zp4_fdc"><h2 class="- topic/title title sectiontitle">量产</h2>
<ul class="- topic/ul ul" id="id__ul_jll_n3q_3dc" data-ofbid="id__ul_jll_n3q_3dc"><li class="- topic/li li" data-ofbid="d79035e759__20250121171525">
<div class="- topic/div div section" id="id__aiburnpro">
<strong class="+ topic/ph hi-d/b ph b">AiBurnPro 量产</strong>
<p class="- topic/p p" data-ofbid="d79035e766__20250121171525">直接使用 AiBurnPro 量产编译生成的固件
<span class="+ topic/ph sw-d/filepath ph filepath">outputd12x_demo66-nor_rt-thread_helloworldimagesd12x_demo66-nor_v1.0.0.img</span></p></div>
</li><li class="- topic/li li" data-ofbid="d79035e771__20250121171525">
<div class="- topic/div div section" id="id__id13">
<strong class="+ topic/ph hi-d/b ph b">SD 卡量产方式</strong><ul class="- topic/ul ul" id="id__ul_qsz_1r4_fdc" data-ofbid="id__ul_qsz_1r4_fdc"><li class="- topic/li li" data-ofbid="d79035e778__20250121171525">
<div class="- topic/div div section" id="id__id14">
<strong class="+ topic/ph hi-d/b ph b">标准方式</strong>
<p class="- topic/p p" data-ofbid="d79035e785__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> +
打包后的镜像文件,如<span class="+ topic/ph sw-d/filepath ph filepath">d12x_demo66-nor_v1.0.0.img</span></p><p class="- topic/p p" data-ofbid="d79035e791__20250121171525">
此方式只需要将编译生成的下列文件复制到 SD 卡 FAT32 文件系统的根目录,平台重新上电即可进入烧录。</p><ul class="- topic/ul ul simple" id="id__ul_ap4_dp4_fdc" data-ofbid="id__ul_ap4_dp4_fdc"><li class="- topic/li li" data-ofbid="d79035e794__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e796__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span></p>
</li><li class="- topic/li li" data-ofbid="d79035e800__20250121171525">
<p class="- topic/p p" data-ofbid="d79035e802__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">d12x_demo66-nor_v1.0.0.img</span></p>
</li></ul><p class="- topic/p p" data-ofbid="d79035e806__20250121171525"> </p></div>
</li><li class="- topic/li li" data-ofbid="d79035e809__20250121171525">
<div class="- topic/div div section" id="id__direct-mode">
<strong class="+ topic/ph hi-d/b ph b">Direct Mode</strong>
<p class="- topic/p p" data-ofbid="d79035e816__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> + 具体的组件</p><p class="- topic/p p" data-ofbid="d79035e820__20250121171525">此方式需要修改
<span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>,并且将
<span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> 和使用到的组件复制到 SD 卡 FAT32
文件系统的根目录,平台重新上电即可进入烧录模式。</p><p class="- topic/p p" data-ofbid="d79035e828__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>
示例:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_cp4_dp4_fdc" data-ofbid="id__pre_cp4_dp4_fdc">boot0=bootloader.aic
writetype=spi-nor
writeintf=<span class="hl-number">0</span>
write0=bootloader.aic.enc
write1=d12x_os.itb.enc,<span class="hl-number">0x40000</span>
write2=rodata.fatfs.enc,<span class="hl-number">0x240000</span>
write3=data.fatfs.enc,<span class="hl-number">0x840000</span>
</pre><div class="- topic/note note important note_important" id="id__note_bzd_pq4_fdc" data-ofbid="id__note_bzd_pq4_fdc"><span class="note__title">重要:</span>
<p class="- topic/p p" data-ofbid="d79035e836__20250121171525"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> 在修改后,需要确保换行符为 UNIX
格式的换行符,非 DOS 格式的换行符,即 n 换行,非 rn 换行。</p>
</div></div>
</li></ul></div>
</li></ul>
</section></div></article></main></div>
</div>
<nav role="navigation" id="wh_topic_toc" aria-label="On this page" class="col-lg-2 d-none d-lg-block navbar d-print-none">
<div id="wh_topic_toc_content">
<div class=" wh_topic_toc "><div class="wh_topic_label">在本页上</div><ul><li class="section-item"><div class="section-title"><a href="#id__section_sw1_bvp_pdc" data-tocid="id__section_sw1_bvp_pdc">应用场景</a></div></li><li class="section-item"><div class="section-title"><a href="#id__id2" data-tocid="id__id2">方案介绍</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_gvt_wvp_pdc" data-tocid="id__section_gvt_wvp_pdc">开启防抄板功能</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_bmh_mq4_fdc" data-tocid="id__section_bmh_mq4_fdc">生成 eFuse 烧录固件</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_m1w_mq4_fdc" data-tocid="id__section_m1w_mq4_fdc">量产固件</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_dwt_zp4_fdc" data-tocid="id__section_dwt_zp4_fdc">量产</a></div></li></ul></div>
</div>
</nav>
</div>
</div>
</div>
<footer class="navbar navbar-default wh_footer">
<div class=" footer-container mx-auto ">
<title>footer def</title>
<style><!--
.p1 {
font-family: FangZhengShuSong, Times, serif;
}
.p2 {
font-family: Arial, Helvetica, sans-serif;
}
.p3 {
font-family: "Lucida Console", "Courier New", monospace;
}
--></style>
<div class="webhelp.fragment.footer">
<p class="p1">Copyright © 2019-2024 广东匠芯创科技有限公司. All rights reserved.</p>
</div><div>
<div class="generation_time">
Update Time: 2025-01-21
</div>
</div>
</div>
</footer>
<div id="go2top" class="d-print-none">
<span class="oxy-icon oxy-icon-up"></span>
</div>
<div id="modal_img_large" class="modal">
<span class="close oxy-icon oxy-icon-remove"></span>
<div id="modal_img_container"></div>
<div id="caption"></div>
</div>
<script src="${pd}/publishing/publishing-styles-AIC-template/js/custom.js" defer="defer"></script>
</body>
add doc v1.1.2
2025-01-23 16:37:00 +08:00
</html>
Reference in New Issue Copy Permalink