wen/luban-lite-t3e-pro
1
0
Fork 0
mirror of https://gitee.com/Vancouver2017/luban-lite-t3e-pro.git synced 2025-12-14 18:38:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fe0b990053fc29df772a4716d8fa9185f28e1283
luban-lite-t3e-pro/doc/topics/sdk/secure/spienc_function_d13x.html
刘可亮 b4033d8696 add doc v1.1.2
2025-01-23 16:37:00 +08:00

808 lines
93 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-cn" lang="zh-cn" data-whc_version="26.0">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="description" content="应用场景 本方案针对下列使用场景: 方案商提供主控芯片和开发好的固件给第三方生产商 生产, 方案商对自己的固件进行保护 方案商开发了包含某一功能的固件 生产商不进行开发,而使用方案商提供的固件 方案商为了保护自己的固件,会要求自己的固件只能在方案商授权的主控芯片上运行 他人不能通过拷贝 SPI NOR 上的固件在不经 方案商 授权的主控芯片上运行 方案介绍 本方案通过使用 AIC 主控的 ..."/><meta name="DC.rights.owner" content="(C) 版权 2025"/><meta name="copyright" content="(C) 版权 2025"/><meta name="generator" content="DITA-OT"/><meta name="DC.type" content="topic"/><meta name="DC.relation" content="../../../topics/sdk/secure/chapter-secure.html"/><meta name="DC.relation" content="../../../topics/sdk/secure/spienc_function_d12x.html"/><meta name="DC.relation" content="../../../topics/sdk/app/mkfs_partition_image.html"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.creator" content="yan.wang"/><meta name="DC.date.modified" content="2024-01-15"/><meta name="DC.format" content="HTML5"/><meta name="DC.identifier" content="spienc_function"/><meta name="DC.language" content="zh-CN"/><title>防抄板-SPIENC-D13x</title><!-- Build number 2023110923. --><meta name="wh-path2root" content="../../../"/><meta name="wh-toc-id" content="spienc_function-d5856e1854"/><meta name="wh-source-relpath" content="topics/sdk/secure/spienc_function_d13x.dita"/><meta name="wh-out-relpath" content="topics/sdk/secure/spienc_function_d13x.html"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/commons.css?buildId=2023110923"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/topic.css?buildId=2023110923"/>
<script src="../../../webhelp/app/options/properties.js?buildId=20250121171154"></script>
<script src="../../../webhelp/app/localization/strings.js?buildId=2023110923"></script>
<script src="../../../webhelp/app/search/index/keywords.js?buildId=20250121171154"></script>
<script defer="defer" src="../../../webhelp/app/commons.js?buildId=2023110923"></script>
<script defer="defer" src="../../../webhelp/app/topic.js?buildId=2023110923"></script>
<link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-styles-web.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/notes.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-common.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-images.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/footnote.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-web-watermark.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/topic-body-list.css?buildId=2023110923"/></head>
<body id="spienc_function" class="wh_topic_page frmBody">
<a href="#wh_topic_body" class="sr-only sr-only-focusable">
跳转到主要内容
</a>
<header class="navbar navbar-default wh_header">
<div class="container-fluid">
<div class="wh_header_flex_container navbar-nav navbar-expand-md navbar-dark">
<div class="wh_logo_and_publication_title_container">
<div class="wh_logo_and_publication_title">
<a href="http://www.artinchip.com" class=" wh_logo d-none d-sm-block "><img src="../../../company-logo-white.png" alt="RTOS SDK 使用指南SDK 指南文件"/></a>
<div class=" wh_publication_title "><a href="../../../index.html"><span class="booktitle"><span class="ph mainbooktitle">RTOS SDK 使用指南</span><span class="ph booktitlealt">SDK 指南文件</span></span></a></div>
</div>
</div>
<div class="wh_top_menu_and_indexterms_link collapse navbar-collapse" id="wh_top_menu_and_indexterms_link">
</div>
</div>
</div>
</header>
<div class=" wh_search_input navbar-form wh_topic_page_search search " role="form">
<form id="searchForm" method="get" role="search" action="../../../search.html"><div><input type="search" placeholder="搜索 " class="wh_search_textfield" id="textToSearch" name="searchQuery" aria-label="搜索查询" required="required"/><button type="submit" class="wh_search_button" aria-label="搜索"><span class="search_input_text">搜索</span></button></div></form>
</div>
<div class="container-fluid" id="wh_topic_container">
<div class="row">
<nav class="wh_tools d-print-none navbar-expand-md" aria-label="Tools">
<div data-tooltip-position="bottom" class=" wh_breadcrumb "><ol class="d-print-none"><li><span class="home"><a href="../../../index.html"><span>主页</span></a></span></li><li><div class="topicref" data-id="concept_rcx_czh_pzb"><div class="title"><a href="../../../topics/sdk/chapter-app.html">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div></li><li><div class="topicref" data-id="id"><div class="title"><a href="../../../topics/sdk/secure/chapter-secure.html">安全方案</a></div></div></li><li class="active"><div class="topicref" data-id="spienc_function"><div class="title"><a href="../../../topics/sdk/secure/spienc_function_d13x.html">防抄板-SPIENC-D13x</a></div></div></li></ol></div>
<div class="wh_right_tools">
<button class="wh_hide_highlight" aria-label="切换搜索突出显示" title="切换搜索突出显示"></button>
<button class="webhelp_expand_collapse_sections" data-next-state="collapsed" aria-label="折叠截面" title="折叠截面"></button>
<div class=" wh_navigation_links "><span id="topic_navigation_links" class="navheader">
<span class="navprev"><a class="- topic/link link" href="../../../topics/sdk/secure/spienc_function_d12x.html" title="防抄板-SPIENC-D12x" aria-label="上一主题: 防抄板-SPIENC-D12x" rel="prev"></a></span>
<span class="navnext"><a class="- topic/link link" href="../../../topics/sdk/app/mkfs_partition_image.html" title="制作分区镜像" aria-label="下一主题: 制作分区镜像" rel="next"></a></span> </span></div>
<div class=" wh_print_link print d-none d-md-inline-block "><button onClick="window.print()" title="打印此页" aria-label="打印此页"></button></div>
<button type="button" id="wh_toc_button" class="custom-toggler navbar-toggler collapsed wh_toggle_button navbar-light" aria-expanded="false" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc">
<span class="navbar-toggler-icon"></span>
</button>
</div>
</nav>
</div>
<div class="wh_content_area">
<div class="row">
<nav id="wh_publication_toc" class="col-lg-3 col-md-3 col-sm-12 d-md-block d-none d-print-none" aria-label="Table of Contents Container">
<div id="wh_publication_toc_content">
<div class=" wh_publication_toc " data-tooltip-position="right"><span class="expand-button-action-labels"><span id="button-expand-action" role="button" aria-label="Expand"></span><span id="button-collapse-action" role="button" aria-label="Collapse"></span><span id="button-pending-action" role="button" aria-label="Pending"></span></span><ul role="tree" aria-label="Table of Contents"><li role="treeitem"><div data-tocid="revinfo_linux-d5856e989" class="topicref" data-id="revinfo_linux" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/revinfo/revinfo_rtos.html" id="revinfo_linux-d5856e989-link">修订记录</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1003" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1003-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/env/sdk-compile.html" id="id-d5856e1003-link">SDK 编译</a><div class="wh-tooltip"><p class="shortdesc">介绍不同编译环境下 SDK 的详细编译流程。</p></div></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1152" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1152-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/advanced/sdk-usage.html" id="id-d5856e1152-link">使用指南</a><div class="wh-tooltip"><p class="shortdesc">系统镜像、编译选项、开发板、应用等相关的详细使用说明。</p></div></div></div></li><li role="treeitem" aria-expanded="true"><div data-tocid="concept_rcx_czh_pzb-d5856e1416" class="topicref" data-id="concept_rcx_czh_pzb" data-state="expanded"><span role="button" tabindex="0" aria-labelledby="button-collapse-action concept_rcx_czh_pzb-d5856e1416-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/chapter-app.html" id="concept_rcx_czh_pzb-d5856e1416-link">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div><ul role="group" class="navbar-nav nav-list"><li role="treeitem"><div data-tocid="id-d5856e1431" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/usb/udisk.html" id="id-d5856e1431-link">挂载 U 盘 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1443" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/sdmc/sdcard.html" id="id-d5856e1443-link">挂载 SD 卡</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1455" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1455-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/burnsys/burnsys_user_guide.html" id="id-d5856e1455-link">系统更新</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1553" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1553-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/ota/ota_guide.html" id="id-d5856e1553-link">OTA 方案</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1657" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1657-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/xip/xip_user_guide.html" id="id-d5856e1657-link">XIP 方案 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1734" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/app/psram_load.html" id="id-d5856e1734-link">分散加载</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1746" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1746-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/app/dm.html" id="id-d5856e1746-link">动态加载 (DM-APP)</a></div></div></li><li role="treeitem" aria-expanded="true"><div data-tocid="id-d5856e1806" class="topicref" data-id="id" data-state="expanded"><span role="button" tabindex="0" aria-labelledby="button-collapse-action id-d5856e1806-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/secure/chapter-secure.html" id="id-d5856e1806-link">安全方案</a></div></div><ul role="group" class="navbar-nav nav-list"><li role="treeitem"><div data-tocid="id-d5856e1818" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/secure/firmware_encryption_with_spienc.html" id="id-d5856e1818-link">固件加密-SPIENC</a></div></div></li><li role="treeitem"><div data-tocid="hw_authentication-d5856e1830" class="topicref" data-id="hw_authentication" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/secure/hw_authorization.html" id="hw_authentication-d5856e1830-link">硬件授权认证 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1842" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/secure/spienc_function_d12x.html" id="id-d5856e1842-link">防抄板-SPIENC-D12x</a></div></div></li><li role="treeitem" class="active"><div data-tocid="spienc_function-d5856e1854" class="topicref" data-id="spienc_function" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/secure/spienc_function_d13x.html" id="spienc_function-d5856e1854-link">防抄板-SPIENC-D13x</a></div></div></li></ul></li><li role="treeitem"><div data-tocid="mkfs_partition_image-d5856e1866" class="topicref" data-id="mkfs_partition_image" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/app/mkfs_partition_image.html" id="mkfs_partition_image-d5856e1866-link">制作分区镜像</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1878" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1878-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/d13x_bare_boot/index.html" id="id-d5856e1878-link">客制化启动</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1963" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1963-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/burnsys/burner_offline_lite.html" id="id-d5856e1963-link">离线烧录</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="usb_display-d5856e2011" class="topicref" data-id="usb_display" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action usb_display-d5856e2011-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/app/usb-display.html" id="usb_display-d5856e2011-link">USB Display 方案</a></div></div></li></ul></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e2119" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e2119-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/peripheral/peripheral-intro.html" id="id-d5856e2119-link">外设移植</a><div class="wh-tooltip"><p class="shortdesc"><span class="ph">CTP、U 盘、SD 卡、有线和无线网络</span>等外设的介绍和使用说明。</p></div></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e2244" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e2244-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/bringup/chapter-bringup.html" id="id-d5856e2244-link">BringUp</a><div class="wh-tooltip"><p class="shortdesc">在硬件上电后快速初始化系统,为操作系统的启动准备好必要的硬件环境。</p></div></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e2345" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e2345-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/chapter-advanced-app.html" id="id-d5856e2345-link">高级应用</a><div class="wh-tooltip"><p class="shortdesc">系统、存储、多媒体、接口、安全等模块的详细配置和设计说明。</p></div></div></div></li></ul></div>
</div>
</nav>
<div class="col-lg-7 col-md-9 col-sm-12" id="wh_topic_body">
<button id="wh_close_publication_toc_button" class="close-toc-button d-none" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<button id="wh_close_topic_toc_button" class="close-toc-button d-none" aria-label="Toggle topic table of content" aria-controls="wh_topic_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<div class=" wh_topic_content body "><main role="main"><article class="- topic/topic topic" role="article" aria-labelledby="ariaid-title1"><span class="edit-link" style="font-size:12px; opacity:0.6; text-align:right; vertical-align:middle"><a target="_blank" href="http://172.16.35.88/tasks/jdssno1uvvbf2mltu9kb9v3if05d5gopuakboe8hlud18rma/edit/F:/aicdita/aicdita-cn/topics/sdk/secure/spienc_function_d13x.dita">Edit online</a></span><h1 class="- topic/title title topictitle1" id="ariaid-title1">防抄板-SPIENC-D13x</h1><div class="date inPage">15 Jan 2024</div><div style="color: gray;">
Read time: 13 minute(s)
</div><div class="- topic/body body"><section class="- topic/section section" id="spienc_function__section_sw1_bvp_pdc" data-ofbid="spienc_function__section_sw1_bvp_pdc"><h2 class="- topic/title title sectiontitle">应用场景</h2>
<p class="- topic/p p" data-ofbid="d281165e26__20250121171752"> 本方案针对下列使用场景:</p>
<ul class="- topic/ul ul simple" id="spienc_function__ul_an4_dp4_fdc" data-ofbid="spienc_function__ul_an4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e30__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e32__20250121171752">方案商提供主控芯片和开发好的固件给第三方生产商 生产, 方案商对自己的固件进行保护</p>
</li><li class="- topic/li li" data-ofbid="d281165e35__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e37__20250121171752">方案商开发了包含某一功能的固件</p>
</li><li class="- topic/li li" data-ofbid="d281165e40__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e42__20250121171752">生产商不进行开发,而使用方案商提供的固件</p>
</li><li class="- topic/li li" data-ofbid="d281165e45__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e47__20250121171752">方案商为了保护自己的固件,会要求自己的固件只能在方案商授权的主控芯片上运行</p>
</li><li class="- topic/li li" data-ofbid="d281165e50__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e52__20250121171752">他人不能通过拷贝 SPI NOR 上的固件在不经 <code class="+ topic/ph pr-d/codeph ph codeph">方案商</code> 授权的主控芯片上运行</p>
</li></ul>
</section><section class="- topic/section section" id="spienc_function__section_vsw_dvp_pdc" data-ofbid="spienc_function__section_vsw_dvp_pdc"><h2 class="- topic/title title sectiontitle">方案介绍</h2>
<div class="- topic/div div">
<p class="- topic/p p" id="spienc_function__p_ppw_qsd_jdc" data-ofbid="spienc_function__p_ppw_qsd_jdc">本方案通过使用 AIC 主控的 SPIENC
总线加密功能以及安全启动功能来实现防抄板,结合实际使用的需求,提供对应的软件方案。</p>
<div class="- topic/div div" id="spienc_function__div_v32_nsd_jdc"><strong class="+ topic/ph hi-d/b ph b">SPIENC 总线加密</strong><p class="- topic/p p" data-ofbid="d281165e72__20250121171752">SPIENC 总线加密功能是一个芯片硬件支持的安全功能,芯片使能了
SPIENC 后,内部的 SPIENC 模块对 SPI 总线上传输的数据进行实时的加密或解密,即对写出去的数据进行 AES 加密,读回来的数据进行
AES 解密, 使得保存在 Flash 上的数据总是密文。</p><p class="- topic/p p" data-ofbid="d281165e74__20250121171752">SPIENC 进行加解密时,使用芯片 eFuse
中特定密钥区域中的密钥对数据进行加密和解密,该密钥区域可以做到烧录后 CPU 不可读写,在芯片内部也仅有 SPIENC
模块能够访问,因此可以做到硬件安全保密。</p><div class="- topic/p p" data-ofbid="d281165e76__20250121171752">启用 SPIENC 的工作为:<ul class="- topic/ul ul simple" id="spienc_function__ul_bn4_dp4_fdc" data-ofbid="spienc_function__ul_bn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e79__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e81__20250121171752"> 在芯片中烧录特有的的 AES 密钥,并且将相关密钥区域设置为仅 SPIENC 可访问。</p>
</li><li class="- topic/li li" data-ofbid="d281165e84__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e86__20250121171752"> 提供对应的加密固件。</p>
</li><li class="- topic/li li" data-ofbid="d281165e89__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e91__20250121171752">对 AES 密钥进行妥善管理,防止泄露。</p>
</li></ul></div><p class="- topic/p p" data-ofbid="d281165e94__20250121171752">此时芯片和对应的固件就被绑定在一起,提供出去的固件,只能运行在烧录了对应加密密钥的芯片上;
烧录了密钥的芯片,也只能运行使用对应密钥加密后的固件。</p></div>
</div>
<div class="- topic/div div" id="spienc_function__div_qhf_4sd_jdc"><strong class="+ topic/ph hi-d/b ph b">安全启动</strong><p class="- topic/p p" data-ofbid="d281165e101__20250121171752">安全启动功能是通过 RSA
签名和验签的方式,保证芯片只运行经过合法签名的固件,非法固件无法在开启安全启动的芯片上执行。
在防抄板方案中,安全启动可以预防攻击者通过其他手段,运行非法程序读取 Flash 中的固件内容。</p></div>
</section><section class="- topic/section section" id="spienc_function__section_gvt_wvp_pdc" data-ofbid="spienc_function__section_gvt_wvp_pdc"><h2 class="- topic/title title sectiontitle">开启防抄板功能</h2>
<div class="- topic/div div" id="spienc_function__div_zxc_55d_jdc">
<p class="- topic/p p" data-ofbid="d281165e111__20250121171752">如需开启防抄版功能,执行下列步骤:</p>
<ol class="- topic/ol ol simple" id="spienc_function__ul_cn4_dp4_fdc" data-ofbid="spienc_function__ul_cn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e115__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e117__20250121171752">编译一个烧录 eFuse 的 BootLoader该固件只完成对出货的芯片烧录相关的 eFuse 和密钥,并使能 SPIENC
和安全启动功能</p>
<div class="- topic/p p" data-ofbid="d281165e120__20250121171752">通过运行特定 eFuse 烧录程序,对芯片进行 eFuse 烧录。<ol class="- topic/ol ol simple" type="a" id="spienc_function__ul_dn4_dp4_fdc" data-ofbid="spienc_function__ul_dn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e123__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e125__20250121171752">通过修改 BootLoader 的代码,将烧录 eFuse 的程序集成到 BootLoader 中。</p>
</li><li class="- topic/li li" data-ofbid="d281165e128__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e130__20250121171752"><a class="- topic/xref xref" href="../../../reusables/reused-topics/../../topics/sdk/secure/spienc_function_d12x.html#id__section_bmh_mq4_fdc">编译生成烧录 eFuse 专用的固件。</a></p>
</li><li class="- topic/li li" data-ofbid="d281165e135__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e137__20250121171752">上电刷机, BootLoader 程序会仅烧录对应的 eFuse 域成功后退出。</p>
</li><li class="- topic/li li" data-ofbid="d281165e140__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e142__20250121171752">可以用 AiBurn 刷机,也可以用 SD 卡等存储介质刷机。</p>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d281165e146__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e148__20250121171752">编译一个进行了加密的<a class="- topic/xref xref" href="../../../reusables/reused-topics/../../topics/sdk/secure/spienc_function_d12x.html#id__section_m1w_mq4_fdc">量产固件</a>,该量产固件可以发放给生产商。</p>
</li><li class="- topic/li li" data-ofbid="d281165e155__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e157__20250121171752">生产商使用方案商提供的主控进行生产,烧录方案商提供的固件。</p>
</li></ol>
</div>
</section><section class="- topic/section section" id="spienc_function__section_bmh_mq4_fdc" data-ofbid="spienc_function__section_bmh_mq4_fdc"><h2 class="- topic/title title sectiontitle">生成 eFuse 烧录固件</h2>
<div class="- topic/div div">
<p class="- topic/p p" data-ofbid="d281165e169__20250121171752">使用 SPIENC 加密功能,需要用到一个 128 位的 AES 密钥,并将其烧录到芯片 eFuse
中。在制作加密镜像时,也需要使用密钥,因此确保密钥保持不变且已妥善管理, 以免泄露。</p>
<div class="- topic/div div">
<div class="- topic/p p" data-ofbid="d281165e174__20250121171752">本节以 d13x_demo88-nor 开发板为例,描述了生成 eFuse 烧录程序的详细流程。在示例方案中,提供了下列用于生成密钥的脚本:<ul class="- topic/ul ul" id="spienc_function__ul_lpg_152_jdc" data-ofbid="spienc_function__ul_lpg_152_jdc"><li class="- topic/li li" data-ofbid="d281165e177__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e179__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/set_aes_key.txt</span>:存储密钥</p>
</li><li class="- topic/li li" data-ofbid="d281165e184__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e186__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/set_nonce.txt</span>
存储 NONCE</p>
</li><li class="- topic/li li" data-ofbid="d281165e191__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e193__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/gen_spienc_key.bat</span>
Windows 上的脚本</p>
</li><li class="- topic/li li" data-ofbid="d281165e198__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e200__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/gen_spienc_key.sh</span>
Linux 上的脚本</p>
</li></ul></div>
</div>
</div>
<div class="- topic/div div section" id="spienc_function__efuse">执行下列步骤,可以生成 eFuse 烧录程序:<ol class="- topic/ol ol" id="spienc_function__ol_b5f_vq4_fdc" data-ofbid="spienc_function__ol_b5f_vq4_fdc"><li class="- topic/li li" data-ofbid="d281165e211__20250121171752">
<div class="- topic/div div section" id="spienc_function__id4">
<strong class="+ topic/ph hi-d/b ph b">生成密钥</strong>
<div class="- topic/p p" data-ofbid="d281165e218__20250121171752">根据运行环境执行对应命令,运行生成密钥的脚本:<ul class="- topic/ul ul" id="spienc_function__ul_pwh_3vd_jdc" data-ofbid="spienc_function__ul_pwh_3vd_jdc"><li class="- topic/li li" data-ofbid="d281165e221__20250121171752"><strong class="+ topic/ph hi-d/b ph b">Linux 环境</strong>下:<ol class="- topic/ol ol" type="a" id="spienc_function__ol_mp2_s42_jdc" data-ofbid="spienc_function__ol_mp2_s42_jdc"><li class="- topic/li li" data-ofbid="d281165e227__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e229__20250121171752">确保已经安装 OpenSSL。如未安装可执行以下命令进行安装</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_x1g_s42_jdc" data-ofbid="spienc_function__pre_x1g_s42_jdc"><code class="+ topic/ph pr-d/codeph ph codeph">sudo apt-get install openssl</code></pre>
</li><li class="- topic/li li" data-ofbid="d281165e236__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e238__20250121171752">准备初始密钥文件 <span class="+ topic/ph sw-d/filepath ph filepath">set_aes_key.txt</span>
<span class="+ topic/ph sw-d/filepath ph filepath">set_nonce.txt</span></p>
<p class="- topic/p p" data-ofbid="d281165e247__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">set_aes_key.txt</span>
<span class="+ topic/ph sw-d/filepath ph filepath">set_nonce.txt</span>
文件中各有一个初始密钥,需要手动修改其中的 <code class="+ topic/ph pr-d/codeph ph codeph">HEX</code>
密钥内容.</p>
</li><li class="- topic/li li" data-ofbid="d281165e258__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e260__20250121171752">使用下列命令运行脚本生成所需的密钥文件和头文件:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__codeblock_ifx_lr2_jdc" data-ofbid="spienc_function__codeblock_ifx_lr2_jdc">cd <var class="+ topic/keyword sw-d/varname keyword varname">SDK_ROOT</var>/lite/target/d13x/demo88-nor/pack/keys/
./gen_spienc_key.sh</pre></div>
<div class="- topic/p p" data-ofbid="d281165e268__20250121171752">生成的文件如下所示:<ul class="- topic/ul ul" id="spienc_function__ul_ovx_n52_jdc" data-ofbid="spienc_function__ul_ovx_n52_jdc"><li class="- topic/li li" data-ofbid="d281165e271__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e273__20250121171752">AES 密钥 <span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e278__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e280__20250121171752">对应的 C 语言头文件
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span></p>
</li></ul><ul class="- topic/ul ul" id="spienc_function__ul_qcm_s52_jdc" data-ofbid="spienc_function__ul_qcm_s52_jdc"><li class="- topic/li li" data-ofbid="d281165e286__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e288__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">spi_nonce.key</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e292__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e294__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">rotpk.bin</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e298__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e300__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">rsa_private_key.der</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e304__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e306__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">rsa_private_key.pem</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e310__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e312__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">rsa_public_key.der</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e316__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e318__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">rsa_public_key.pem</span></p>
</li></ul></div>
</li><li class="- topic/li li" data-ofbid="d281165e323__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e325__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span> 文件复制粘贴至
<span class="+ topic/ph sw-d/filepath ph filepath">lite/bsp/examples_bare/test-efuse/</span>
目录中,供编译烧录 eFuse 的程序时使用。</p>
<p class="- topic/p p" data-ofbid="d281165e334__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span> 和其他文件则保留在
<span class="+ topic/ph sw-d/filepath ph filepath">lite/target/d13x/demo88-nor/pack/keys/</span>,在
<span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span> 生成加密固件时使用。</p>
<div class="- topic/note note important note_important" id="spienc_function__note_y45_1p2_jdc" data-ofbid="spienc_function__note_y45_1p2_jdc"><span class="note__title">重要:</span>
生成的密钥请妥善保管,以免丢失或者泄露。</div>
</li></ol></li><li class="- topic/li li" data-ofbid="d281165e348__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e350__20250121171752"><strong class="+ topic/ph hi-d/b ph b">Windows 环境</strong> 下:</p>
<div class="- topic/p p" data-ofbid="d281165e356__20250121171752">
<ol class="- topic/ol ol arabic simple" type="a" id="spienc_function__ol_in4_dp4_fdc" data-ofbid="spienc_function__ol_in4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e359__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e361__20250121171752">运行脚本生成一个 AES 密钥
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span>,并且生成对应的 C 语言头文件
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__codeblock_ub5_jp2_jdc" data-ofbid="spienc_function__codeblock_ub5_jp2_jdc">cd <var class="+ topic/keyword sw-d/varname keyword varname">SDK_ROOT</var>/lite/target/d13x/demo88-nor/pack/keys/
./gen_spienc_key.sh</pre><dl class="- topic/dl dl" id="spienc_function__dl_vb5_jp2_jdc" data-ofbid="spienc_function__dl_vb5_jp2_jdc"><dt class="- topic/dt dt dlterm" data-ofbid="d281165e376__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes.key</span>:</dt><dd class="- topic/dd dd">
<p class="- topic/p p" data-ofbid="d281165e382__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span>
生成加密固件时使用。</p>
</dd><dt class="- topic/dt dt dlterm" data-ofbid="d281165e389__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span>:</dt><dd class="- topic/dd dd">
<p class="- topic/p p" data-ofbid="d281165e395__20250121171752">复制到
<span class="+ topic/ph sw-d/filepath ph filepath">lite/bsp/examples_bare/test-efuse/spi_aes_key.h</span></p>
<p class="- topic/p p" data-ofbid="d281165e400__20250121171752">在编译烧录 eFuse 的程序时使用。</p>
</dd></dl></div>
<div class="- topic/note note important note_important" id="spienc_function__note_wb5_jp2_jdc" data-ofbid="spienc_function__note_wb5_jp2_jdc"><span class="note__title">重要:</span>
生成的密钥请妥善保管,以免丢失或者泄露。</div>
</li><li class="- topic/li li" data-ofbid="d281165e407__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e409__20250121171752">将下列文件复制到 Windows 的 SDK 目录:<ul class="- topic/ul ul" id="spienc_function__ul_ilj_dq2_jdc" data-ofbid="spienc_function__ul_ilj_dq2_jdc"><li class="- topic/li li" data-ofbid="d281165e412__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e414__20250121171752">
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/</span>
复制到 Window SDK 对应目录中。</p>
</li><li class="- topic/li li" data-ofbid="d281165e420__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e422__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">keys</span> 下的
<span class="+ topic/ph sw-d/filepath ph filepath">spi_aes_key.h</span> 文件复制粘贴至
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/bsp/examples_bare/test-efuse/spi_aes_key.h</span>
目录中。</p>
</li></ul></div>
</li></ol>
</div>
</li></ul></div></div>
</li><li class="- topic/li li" data-ofbid="d281165e438__20250121171752">
<div class="- topic/div div section" id="spienc_function__id5">
<strong class="+ topic/ph hi-d/b ph b">编译程序</strong>
<p class="- topic/p p" data-ofbid="d281165e445__20250121171752">按照以下步骤配置和编译 BootLoader并生成烧录固件。</p><ol class="- topic/ol ol" type="a" id="spienc_function__ol_b3x_nv2_jdc" data-ofbid="spienc_function__ol_b3x_nv2_jdc"><li class="- topic/li li" data-ofbid="d281165e448__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e450__20250121171752">应用 BootLoader 的配置:</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_jn4_dp4_fdc" data-ofbid="spienc_function__pre_jn4_dp4_fdc">cd &lt;SDK_ROOT&gt;
scons --apply-def d13x_demo88-nor_baremetal_bootloader_defconfig</pre>
</li><li class="- topic/li li" data-ofbid="d281165e456__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e458__20250121171752">打开 BootLoader 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_kn4_dp4_fdc" data-ofbid="spienc_function__pre_kn4_dp4_fdc">scons --menuconfig
</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e463__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e465__20250121171752">分别选上或者确认下列选项已经选上:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_ln4_dp4_fdc" data-ofbid="spienc_function__pre_ln4_dp4_fdc">AIC_USING_SID
AIC_SID_BARE_TEST
AIC_USING_SPIENC
AIC_SPIENC_BYPASS_IN_UPGMODE
</pre></div>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_mn4_dp4_fdc" data-ofbid="spienc_function__pre_mn4_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Bypass during bootloader burn image
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
[*] Using Efuse/SID
</pre>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_nn4_dp4_fdc" data-ofbid="spienc_function__pre_nn4_dp4_fdc">Drivers options ---&gt;
Drivers examples ---&gt;
[*] Enable SID driver test command
</pre>
</li><li class="- topic/li li" data-ofbid="d281165e476__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e478__20250121171752">修改代码使能 SPIENC</p>
<ul class="- topic/ul ul" id="spienc_function__ul_zcv_1w2_jdc" data-ofbid="spienc_function__ul_zcv_1w2_jdc"><li class="- topic/li li" data-ofbid="d281165e482__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e484__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bsp/examples_bare/test-efuse/efuse_burn_spienc_key_cmd.c:</span></p>
<p class="- topic/p p" data-ofbid="d281165e488__20250121171752">使能文件开头的<span class="+ topic/keyword pr-d/parmname keyword parmname">
D13X_BURN_SPIENC_KEY_ENABLE</span> 定义</p>
<div class="- topic/note note note note_note" id="spienc_function__note_lwf_5v2_jdc" data-ofbid="spienc_function__note_lwf_5v2_jdc"><span class="note__title">注:</span>
<p class="- topic/p p" data-ofbid="d281165e496__20250121171752">如果不需要关闭 JTAG可以将
<span class="+ topic/keyword pr-d/apiname keyword apiname">burn_jtag_lock_bit()</span>
相关的调用注释掉。</p>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e503__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e505__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">application/baremetal/bootloader/main.c</span>:</p>
<div class="- topic/p p" data-ofbid="d281165e510__20250121171752"><code class="+ topic/ph pr-d/codeph ph codeph">console_set_usrname</code>
之后,添加上一个命令执行代码,<code class="+ topic/ph pr-d/codeph ph codeph">console_run_cmd(“efuse_spienc”);</code>
如下所示。<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__codeblock_uts_cw2_jdc" data-ofbid="spienc_function__codeblock_uts_cw2_jdc"><strong class="hl-keyword">int</strong> main(<strong class="hl-keyword">void</strong>)
{
console_init();
console_set_usrname(<span class="hl-string">"aic"</span>);
console_run_cmd(<span class="hl-string">"efuse_spienc"</span>); <em class="hl-comment">// 加上此句</em>
...
}</pre></div>
</li></ul>
</li><li class="- topic/li li" data-ofbid="d281165e522__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e524__20250121171752">编译程序
BootLoader<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_rn4_dp4_fdc" data-ofbid="spienc_function__pre_rn4_dp4_fdc">scons</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e529__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e531__20250121171752">编译程序 APP
并且生成烧录固件:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_sn4_dp4_fdc" data-ofbid="spienc_function__pre_sn4_dp4_fdc">scons --apply-def=d13x_demo88-nor_rt-thread_helloworld_defconfig
scons
</pre></div>
<p class="- topic/p p" data-ofbid="d281165e536__20250121171752"> 编译结果保存在
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/output/d13x_demo88-nor_rt-thread_helloworld/images</span>
目录中。</p>
</li></ol>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e544__20250121171752">
<div class="- topic/div div section" id="spienc_function__aiburn">
<strong class="+ topic/ph hi-d/b ph b">AiBurn 卡烧录</strong><p class="- topic/p p" data-ofbid="d281165e550__20250121171752">使用 AiBurn 烧录
<span class="+ topic/ph sw-d/filepath ph filepath">outputd13x_demo88-nor_rt-thread_helloworldimagesd13x_demo88-nor_v1.0.0.img</span>
固件</p>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e557__20250121171752">
<div class="- topic/div div section" id="spienc_function__sd">
<strong class="+ topic/ph hi-d/b ph b">SD 卡烧录</strong>
<p class="- topic/p p" data-ofbid="d281165e564__20250121171752">准备一张 SD 卡,确保该卡只有一个分区,并且格式化为 FAT32/ exFAT 文件系统。</p><p class="- topic/p p" data-ofbid="d281165e566__20250121171752"> 将编译输出目录下的文件复制到
SD 卡的根目录:</p><ul class="- topic/ul ul simple" id="spienc_function__ul_vn4_dp4_fdc" data-ofbid="spienc_function__ul_vn4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e569__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e571__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e575__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e577__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootloader.aic</span></p>
</li></ul><p class="- topic/p p" data-ofbid="d281165e581__20250121171752">并且将 <span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>
中的内容修改为:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_wn4_dp4_fdc" data-ofbid="spienc_function__pre_wn4_dp4_fdc">boot0=bootloader.aic
</pre><p class="- topic/p p" data-ofbid="d281165e588__20250121171752">将该卡插到板卡中,上电运行,即可完成相关 eFuse 的烧录。</p></div>
</li></ol></div>
</section><section class="- topic/section section" id="spienc_function__section_m1w_mq4_fdc" data-ofbid="spienc_function__section_m1w_mq4_fdc"><h2 class="- topic/title title sectiontitle">生成量产固件</h2>
<div class="- topic/p p" data-ofbid="d281165e597__20250121171752">
<div class="- topic/div div section" id="spienc_function__id6">
<div class="- topic/p p" data-ofbid="d281165e601__20250121171752">按照下列流程编译加密的量产固件:<ol class="- topic/ol ol" id="spienc_function__ol_hgj_yq4_fdc" data-ofbid="spienc_function__ol_hgj_yq4_fdc"><li class="- topic/li li" data-ofbid="d281165e604__20250121171752">
<div class="- topic/div div section" id="spienc_function__bootloader">
<strong class="+ topic/ph hi-d/b ph b">BootLoader 配置</strong>
<ol class="- topic/ol ol" type="a" id="spienc_function__ul_ufb_pfp_pdc" data-ofbid="spienc_function__ul_ufb_pfp_pdc"><li class="- topic/li li" data-ofbid="d281165e612__20250121171752">进入 SDK
根目录:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_zn4_dp4_fdc" data-ofbid="spienc_function__pre_zn4_dp4_fdc">cd &lt;SDK_ROOT&gt;</pre></li><li class="- topic/li li" data-ofbid="d281165e616__20250121171752">在 SDK
根目录中执行下列命令:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__codeblock_wfd_qfp_pdc" data-ofbid="spienc_function__codeblock_wfd_qfp_pdc">scons --apply-def=d13x_demo88-nor_baremetal_bootloader_defconfig
</pre></li><li class="- topic/li li" data-ofbid="d281165e620__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e622__20250121171752">打开 BootLoader 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_a44_dp4_fdc" data-ofbid="spienc_function__pre_a44_dp4_fdc">scons --menuconfig</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e627__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e629__20250121171752">在配置界面,勾选或确认已勾选下列参数:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_b44_dp4_fdc" data-ofbid="spienc_function__pre_b44_dp4_fdc">AIC_USING_SPIENC
AIC_SPIENC_BYPASS_IN_UPGMODE</pre></div>
<div class="- topic/p p" data-ofbid="d281165e634__20250121171752">配置界面示例如下:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_c44_dp4_fdc" data-ofbid="spienc_function__pre_c44_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Bypass during bootloader burn image
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
[*] Using Efuse/SID
</pre></div>
<div class="- topic/note note note note_note" id="spienc_function__note_ts1_ghf_jdc" data-ofbid="spienc_function__note_ts1_ghf_jdc"><span class="note__title">注:</span>
<p class="- topic/p p" data-ofbid="d281165e641__20250121171752">编译量产固件时,需将编译烧录 eFuse 程序时的代码修改还原。</p>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e645__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e647__20250121171752">在正式发布的固件中,建议将下列参数选项去掉,防止攻击者通过控制台读出 Flash
中的数据,否则可跳过:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_d44_dp4_fdc" data-ofbid="spienc_function__pre_d44_dp4_fdc">AIC_BOOTLOADER_CMD_MTD
AIC_MTD_BARE_TEST
</pre></div>
<div class="- topic/p p" data-ofbid="d281165e652__20250121171752">功能配置界面示例如下:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_e44_dp4_fdc" data-ofbid="spienc_function__pre_e44_dp4_fdc">BootLoader options ---&gt;
Commands ---&gt;
[ ] mtd read/write
Drivers options ---&gt;
Drivers examples ---&gt;
[ ] Enable MTD driver test command
</pre></div>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d281165e658__20250121171752">
<div class="- topic/div div section" id="spienc_function__id7">
<strong class="+ topic/ph hi-d/b ph b">应用程序配置</strong>
<ol class="- topic/ol ol" type="a" id="spienc_function__ol_k13_1gp_pdc" data-ofbid="spienc_function__ol_k13_1gp_pdc"><li class="- topic/li li" data-ofbid="d281165e666__20250121171752">进入 SDK
根目录:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_f44_dp4_fdc" data-ofbid="spienc_function__pre_f44_dp4_fdc">cd &lt;SDK_ROOT&gt;</pre></li><li class="- topic/li li" data-ofbid="d281165e670__20250121171752">在 SDK
根目录,执行下列命令:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__codeblock_wn2_3gp_pdc" data-ofbid="spienc_function__codeblock_wn2_3gp_pdc">scons --apply-def=d13x_demo88-nor_rt-thread_helloworld_defconfig
</pre></li><li class="- topic/li li" data-ofbid="d281165e674__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e676__20250121171752">打开 Application 的 menuconfig
菜单:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_g44_dp4_fdc" data-ofbid="spienc_function__pre_g44_dp4_fdc">scons --menuconfig</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e681__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e683__20250121171752">勾选或确认已勾选下列选项:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_h44_dp4_fdc" data-ofbid="spienc_function__pre_h44_dp4_fdc">AIC_USING_SPIENC</pre></div>
<div class="- topic/p p" data-ofbid="d281165e688__20250121171752">配置界面示例:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_i44_dp4_fdc" data-ofbid="spienc_function__pre_i44_dp4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Enc qspi0
(<span class="hl-number">0</span>) set qspi0 tweak
</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e693__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e695__20250121171752">在正式版本的固件中,建议删除
<span class="+ topic/ph sw-d/filepath ph filepath">kernel/rt-thread/components/drivers/spi/spi_flash_sfud.c</span>中的
<span class="+ topic/keyword sw-d/cmdname keyword cmdname">sf</span> 命令,防攻击者通过控制台读出 Flash
中的数据,否则可跳过此步。</p>
<div class="- topic/p p" data-ofbid="d281165e704__20250121171752">宏 RT_USING_FINSH
包住的内容:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_k44_dp4_fdc" data-ofbid="spienc_function__pre_k44_dp4_fdc">#<strong class="hl-keyword">if</strong> defined(RT_USING_FINSH)...#endif</pre></div>
</li></ol></div>
</li><li class="- topic/li li" data-ofbid="d281165e710__20250121171752">
<div class="- topic/div div section" id="spienc_function__id8">
<strong class="+ topic/ph hi-d/b ph b">固件签名加密</strong>
<p class="- topic/p p" data-ofbid="d281165e717__20250121171752">
<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/image_cfg.json</span>
中配置并生成签名加密固件。</p>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e724__20250121171752">
<div class="- topic/div div section" id="spienc_function__id9">
<strong class="+ topic/ph hi-d/b ph b">配置生成签名的组件</strong><div class="- topic/p p" data-ofbid="d281165e730__20250121171752">开启了安全启动后,需要对 BootLoader 进行签名。<ul class="- topic/ul ul" id="spienc_function__ul_rzv_vsp_pdc" data-ofbid="spienc_function__ul_rzv_vsp_pdc"><li class="- topic/li li" data-ofbid="d281165e733__20250121171752">
<div class="- topic/p p" data-ofbid="d281165e735__20250121171752">对于 1.0.5 及以前的 SDK参考修改<code class="+ topic/ph pr-d/codeph ph codeph">//
签名相关</code>部分的内容:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_m44_dp4_fdc" data-ofbid="spienc_function__pre_m44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
...
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
...
},
<span class="hl-string">"temporary"</span>: { <em class="hl-comment">// Pre-proccess to generate image components from raw data</em>
<span class="hl-string">"aicboot"</span>: {
<span class="hl-string">"bootloader.aic"</span>: {
<span class="hl-string">"head_ver"</span>: <span class="hl-string">"0x00010001"</span>,
<span class="hl-string">"loader"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.bin"</span>,
<span class="hl-string">"load address"</span>: <span class="hl-string">"0x30100000"</span>,
<span class="hl-string">"entry point"</span>: <span class="hl-string">"0x30100100"</span>,
},
<span class="hl-string">"resource"</span>: {
<span class="hl-string">"private"</span>: <span class="hl-string">"pbp_cfg.bin"</span>,
<span class="hl-string">"pubkey"</span>: <span class="hl-string">"keys/rsa_public_key.der"</span>, <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"pbp"</span>: <span class="hl-string">"d13x.pbp"</span>,
},
<span class="hl-string">"signature"</span>: { <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"algo"</span>: <span class="hl-string">"rsa,2048"</span>,
<span class="hl-string">"privkey"</span>: <span class="hl-string">"keys/rsa_private_key.der"</span>,
},
},
},
},
}</pre></div>
</li><li class="- topic/li li" data-ofbid="d281165e743__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e745__20250121171752">对于 1.0.6 及以后的 SDK参考修改<code class="+ topic/ph pr-d/codeph ph codeph">//
签名相关</code>部分的内容:</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_n44_dp4_fdc" data-ofbid="spienc_function__pre_n44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
...
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
...
},
<span class="hl-string">"pre-process"</span>: { <em class="hl-comment">// before v1.0.6 is the name "temporary"</em>
<span class="hl-string">"aicimage"</span>: { <em class="hl-comment">// Create aic boot image</em>
<span class="hl-string">"usbupg-psram-init.aic"</span>: { <em class="hl-comment">// No loader, only PreBootProgram to initialize PSRAM</em>
<span class="hl-string">"head_ver"</span>: <span class="hl-string">"0x00010001"</span>,
<span class="hl-string">"resource"</span>: {
<span class="hl-string">"private"</span>: <span class="hl-string">"pbp_cfg.bin"</span>,
<span class="hl-string">"pubkey"</span>: <span class="hl-string">"keys/rsa_public_key.der"</span>, <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"pbp"</span>: <span class="hl-string">"d13x.pbp"</span>,
},
<span class="hl-string">"signature"</span>: {
<span class="hl-string">"algo"</span>: <span class="hl-string">"rsa,2048"</span>,
<span class="hl-string">"privkey"</span>: <span class="hl-string">"keys/rsa_private_key.der"</span>, <em class="hl-comment">// 签名相关</em>
},
},
<span class="hl-string">"pbp_ext.aic"</span>: {
<span class="hl-string">"head_ver"</span>: <span class="hl-string">"0x00010001"</span>,
<span class="hl-string">"resource"</span>: {
<span class="hl-string">"pbp"</span>: <span class="hl-string">"d13x.pbp"</span>,
<span class="hl-string">"pubkey"</span>: <span class="hl-string">"keys/rsa_public_key.der"</span>, <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"private"</span>: <span class="hl-string">"pbp_cfg.bin"</span>,
},
<span class="hl-string">"signature"</span>: { <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"algo"</span>: <span class="hl-string">"rsa,2048"</span>,
<span class="hl-string">"privkey"</span>: <span class="hl-string">"keys/rsa_private_key.der"</span>,
},
<em class="hl-comment">// combine to use with loader.aic</em>
<span class="hl-string">"with_ext"</span>: <span class="hl-string">"true"</span>,
},
<span class="hl-string">"loader.aic"</span>: {
<span class="hl-string">"head_ver"</span>: <span class="hl-string">"0x00010001"</span>,
<span class="hl-string">"loader"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.bin"</span>,
<span class="hl-string">"load address"</span>: <span class="hl-string">"0x40300000"</span>,
<span class="hl-string">"entry point"</span>: <span class="hl-string">"0x40300100"</span>, <em class="hl-comment">// 256 byte aic header</em>
},
<span class="hl-string">"resource"</span>: {
<span class="hl-string">"private"</span>: <span class="hl-string">"pbp_cfg.bin"</span>,
<span class="hl-string">"pubkey"</span>: <span class="hl-string">"keys/rsa_public_key.der"</span>, <em class="hl-comment">// 签名相关</em>
},
<span class="hl-string">"signature"</span>: { <em class="hl-comment">// 签名相关</em>
<span class="hl-string">"algo"</span>: <span class="hl-string">"rsa,2048"</span>,
<span class="hl-string">"privkey"</span>: <span class="hl-string">"keys/rsa_private_key.der"</span>,
},
},
},
},
}</pre>
</li></ul></div>
</div>
</li><li class="- topic/li li" data-ofbid="d281165e756__20250121171752">
<div class="- topic/div div section" id="spienc_function__id10">
<strong class="+ topic/ph hi-d/b ph b">对组件进行加密</strong>
<p class="- topic/p p" data-ofbid="d281165e763__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span> 的 “temporary” 或
“pre-process” 对象的最后,添加 “spienc” 对象配置。</p><p class="- topic/p p" data-ofbid="d281165e768__20250121171752">此处使用的 AES
加密密钥,即为<span class="+ topic/ph sw-d/filepath ph filepath">SDK/target/d13x/demo88-nor/pack/keys/</span>
文件目录中生成的密钥。</p><p class="- topic/p p" data-ofbid="d281165e777__20250121171752">在下列示例中,配置了一组需要使用
“spienc” 工具进行加密的组件,其中生成
<span class="+ topic/keyword pr-d/parmname keyword parmname">bootloader.aic.enc</span>
组件的配置参数为:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_o44_dp4_fdc" data-ofbid="spienc_function__pre_o44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
...
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
...
},
<span class="hl-string">"pre-process"</span>: { <em class="hl-comment">// before v1.0.6 is the name "temporary"</em>
<span class="hl-string">"spienc"</span>: {
<span class="hl-string">"bootloader.aic.enc"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic"</span>, <em class="hl-comment">// File to be encrypted</em>
<span class="hl-string">"address"</span>: <span class="hl-string">"0x0"</span>, <em class="hl-comment">// Flash start address file to be stored</em>
<span class="hl-string">"key"</span>: <span class="hl-string">"keys/spi_aes.key"</span>, <em class="hl-comment">// Keys the same in eFuse</em>
<span class="hl-string">"nonce"</span>: <span class="hl-string">"keys/spi_nonce.key"</span>, <em class="hl-comment">// Nonce the same in eFuse</em>
<span class="hl-string">"tweak"</span>: <span class="hl-string">"0"</span>,
},
<span class="hl-string">"d13x_os.itb.enc"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"d13x_os.itb"</span>, <em class="hl-comment">// File to be encrypted</em>
<span class="hl-string">"address"</span>: <span class="hl-string">"0x40000"</span>, <em class="hl-comment">// Flash start address file to be stored</em>
<span class="hl-string">"key"</span>: <span class="hl-string">"keys/spi_aes.key"</span>, <em class="hl-comment">// Keys the same in eFuse</em>
<span class="hl-string">"nonce"</span>: <span class="hl-string">"keys/spi_nonce.key"</span>, <em class="hl-comment">// Nonce the same in eFuse</em>
<span class="hl-string">"tweak"</span>: <span class="hl-string">"0"</span>,
},
...
},
},
}
</pre><ul class="- topic/ul ul simple" id="spienc_function__ul_q44_dp4_fdc" data-ofbid="spienc_function__ul_q44_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e785__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e787__20250121171752">file: 加密的源文件,此处为前面生成的
<span class="+ topic/ph sw-d/filepath ph filepath">bootloader.aic</span> 文件</p>
</li><li class="- topic/li li" data-ofbid="d281165e793__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e795__20250121171752">address: 是加密后的文件,存放在 Flash
的开始位置,这里应根据前面的分区表信息计算得到</p>
</li><li class="- topic/li li" data-ofbid="d281165e798__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e800__20250121171752">key: 使用的加密密钥</p>
</li><li class="- topic/li li" data-ofbid="d281165e803__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e805__20250121171752">nonce: 使用的加密 Nonce 值</p>
</li><li class="- topic/li li" data-ofbid="d281165e808__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e810__20250121171752">tweak: 该值不需要配置,保持为 0 即可</p>
</li></ul><p class="- topic/p p" data-ofbid="d281165e813__20250121171752">
<strong class="+ topic/ph hi-d/b ph b">对于一个或者多个需要进行加密的组件,都应按照上述方式进行配置。</strong>
</p><p class="- topic/p p" data-ofbid="d281165e818__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">mk_image.py</span> 工具在读取
<span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span> 文件时,逐个处理放在 “spienc”
中的配置,生成对应的加密组件,然后再进行打包。</p><div class="- topic/note note important note_important" id="spienc_function__note_byt_l3q_3dc" data-ofbid="spienc_function__note_byt_l3q_3dc"><span class="note__title">重要:</span>
<p class="- topic/p p" data-ofbid="d281165e827__20250121171752">“spienc” 字段应放在 “temporary”/”pre-process” 的最后,因为 “spienc”
处理时可能需要依赖前面配置生成的文件比如”aicboot”。</p>
<p class="- topic/p p" data-ofbid="d281165e830__20250121171752">配置加密时address 需要填写正确,不然加密结果会不正确。</p>
</div></div>
</li><li class="- topic/li li" data-ofbid="d281165e834__20250121171752">
<div class="- topic/div div section" id="spienc_function__id11">
<strong class="+ topic/ph hi-d/b ph b">配置烧录加密组件</strong><p class="- topic/p p" data-ofbid="d281165e840__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">image_cfg.json</span>
中配置下列参数,打包加密组件:</p><ol class="- topic/ol ol arabic simple" type="a" id="spienc_function__ol_s44_dp4_fdc" data-ofbid="spienc_function__ol_s44_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e846__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e848__20250121171752">updater 中打包的程序,应为非加密程序</p>
<p class="- topic/p p" data-ofbid="d281165e851__20250121171752">updater 中配置的参数,都不是 <span class="+ topic/ph sw-d/filepath ph filepath">.enc</span>
结尾的组件</p>
</li><li class="- topic/li li" data-ofbid="d281165e857__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e859__20250121171752">target 中打包的程序和数据,应为加密后的程序</p>
<p class="- topic/p p" data-ofbid="d281165e862__20250121171752">target 中配置的参数,都是 <span class="+ topic/ph sw-d/filepath ph filepath">.enc</span> 结尾的组件</p>
</li></ol><div class="- topic/p p" data-ofbid="d281165e868__20250121171752">生成加密组件之后,需要打包加密组件,以适配使用 SD 卡烧录加密固件的要求。<ul class="- topic/ul ul arabic simple" id="spienc_function__ol_u44_dp4_fdc" data-ofbid="spienc_function__ol_u44_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e871__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e873__20250121171752">SD 卡启动时,首先运行 updater 中的程序,进入烧录模式。此时由于数据是从 SD
卡加载的,不能为加密程序,否则无法正常执行</p>
</li><li class="- topic/li li" data-ofbid="d281165e876__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e878__20250121171752">target 中打包的程序是要烧录到 Flash
的数据,如果不加密,则无法起到保护的作用,因此需要打包加密后的组件</p>
</li></ul></div><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_x44_dp4_fdc" data-ofbid="spienc_function__pre_x44_dp4_fdc">{
<span class="hl-string">"spi-nor"</span>: { <em class="hl-comment">// Device, The name should be the same with string in image:info:media:type</em>
<span class="hl-string">"size"</span>: <span class="hl-string">"16m"</span>, <em class="hl-comment">// Size of SPI NAND</em>
<span class="hl-string">"partitions"</span>: {
<span class="hl-string">"spl"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"256k"</span> },
<span class="hl-string">"os"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"2m"</span> },
<span class="hl-string">"rodata"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"6m"</span> },
<span class="hl-string">"data"</span>: { <span class="hl-string">"size"</span>: <span class="hl-string">"7m"</span> }
},
},
<span class="hl-string">"image"</span>: {
...
},
<span class="hl-string">"info"</span>: { <em class="hl-comment">// Header information about image</em>
...
},
<span class="hl-string">"updater"</span>: { <em class="hl-comment">// Image writer which is downloaded to RAM by USB/UART</em>
<span class="hl-string">"psram"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"uartupg-psram-init.aic"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"required"</span>, <span class="hl-string">"run"</span>],
<span class="hl-string">"ram"</span>: <span class="hl-string">"0x30043000"</span>
},
<span class="hl-string">"spl"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"required"</span>, <span class="hl-string">"run"</span>],
<span class="hl-string">"ram"</span>: <span class="hl-string">"0x40100000"</span>
},
},
<span class="hl-string">"target"</span>: { <em class="hl-comment">// Image components which will be burn to device's partitions</em>
<span class="hl-string">"spl"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"bootloader.aic.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"required"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"spl"</span>]
},
<span class="hl-string">"os"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"d13x_os.itb.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"required"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"os"</span>]
},
<span class="hl-string">"rodata"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"rodata.fatfs.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"optional"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"rodata"</span>]
},
<span class="hl-string">"data"</span>: {
<span class="hl-string">"file"</span>: <span class="hl-string">"data.lfs.enc"</span>,
<span class="hl-string">"attr"</span>: [<span class="hl-string">"mtd"</span>, <span class="hl-string">"optional"</span>],
<span class="hl-string">"part"</span>: [<span class="hl-string">"data"</span>]
},
},
<span class="hl-string">"pre-process"</span>: { <em class="hl-comment">// before v1.0.6 is the name "temporary"</em>
...
},
}
</pre>
</div>
</li></ol></div>
</div>
</div>
</section><section class="- topic/section section" id="spienc_function__section_dwt_zp4_fdc" data-ofbid="spienc_function__section_dwt_zp4_fdc"><h2 class="- topic/title title sectiontitle">量产</h2>
<ul class="- topic/ul ul" id="spienc_function__ul_jll_n3q_3dc" data-ofbid="spienc_function__ul_jll_n3q_3dc"><li class="- topic/li li" data-ofbid="d281165e894__20250121171752">
<div class="- topic/div div section" id="spienc_function__aiburnpro">
<strong class="+ topic/ph hi-d/b ph b">AiBurnPro 量产</strong>
<p class="- topic/p p" data-ofbid="d281165e901__20250121171752">直接使用 AiBurnPro 量产编译生成的固件
<span class="+ topic/ph sw-d/filepath ph filepath">outputd13x_demo88-nor_rt-thread_helloworldimagesd13x_demo88-nor_v1.0.0.img</span></p></div>
</li><li class="- topic/li li" data-ofbid="d281165e907__20250121171752">
<div class="- topic/div div section" id="spienc_function__id13">
<strong class="+ topic/ph hi-d/b ph b">SD 卡量产方式</strong><ul class="- topic/ul ul" id="spienc_function__ul_qsz_1r4_fdc" data-ofbid="spienc_function__ul_qsz_1r4_fdc"><li class="- topic/li li" data-ofbid="d281165e914__20250121171752">
<div class="- topic/div div section" id="spienc_function__id14">
<strong class="+ topic/ph hi-d/b ph b">标准方式</strong>
<p class="- topic/p p" data-ofbid="d281165e921__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> + 打包后的镜像文件,如
<span class="+ topic/ph sw-d/filepath ph filepath">d13x_demo88-nor_v1.0.0.img</span></p><p class="- topic/p p" data-ofbid="d281165e927__20250121171752">
此方式只需要编译生成下列文件后,复制到 SD 卡 FAT32 文件系统的根目录,平台重新上电即可进入烧录:</p><ul class="- topic/ul ul simple" id="spienc_function__ul_ap4_dp4_fdc" data-ofbid="spienc_function__ul_ap4_dp4_fdc"><li class="- topic/li li" data-ofbid="d281165e930__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e932__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span></p>
</li><li class="- topic/li li" data-ofbid="d281165e936__20250121171752">
<p class="- topic/p p" data-ofbid="d281165e938__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">d13x_demo88-nor_v1.0.0.img</span></p>
</li></ul><p class="- topic/p p" data-ofbid="d281165e942__20250121171752"> </p></div>
</li><li class="- topic/li li" data-ofbid="d281165e945__20250121171752">
<div class="- topic/div div section" id="spienc_function__direct-mode">
<strong class="+ topic/ph hi-d/b ph b">Direct Mode</strong>
<p class="- topic/p p" data-ofbid="d281165e952__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> + 具体的组件</p><p class="- topic/p p" data-ofbid="d281165e956__20250121171752">此方式需要修改
<span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>,并且将
<span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> 和使用到的组件复制到 SD 卡 FAT32
文件系统的根目录,平台重新上电即可进入烧录模式。</p><p class="- topic/p p" data-ofbid="d281165e964__20250121171752"><span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span>
示例:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="spienc_function__pre_cp4_dp4_fdc" data-ofbid="spienc_function__pre_cp4_dp4_fdc">boot0=bootloader.aic
writetype=spi-nor
writeintf=<span class="hl-number">0</span>
write0=bootloader.aic.enc
write1=d13x_os.itb.enc,<span class="hl-number">0x40000</span>
write2=rodata.fatfs.enc,<span class="hl-number">0x240000</span>
write3=data.fatfs.enc,<span class="hl-number">0x840000</span>
</pre><div class="- topic/note note important note_important" id="spienc_function__note_bzd_pq4_fdc" data-ofbid="spienc_function__note_bzd_pq4_fdc"><span class="note__title">重要:</span>
<p class="- topic/p p" data-ofbid="d281165e972__20250121171752">在修改 <span class="+ topic/ph sw-d/filepath ph filepath">bootcfg.txt</span> 文件后,确保使用 UNIX
格式的换行符,非 DOS 格式的换行符,即 n 换行,非 rn 换行。</p>
</div></div>
</li></ul></div>
</li></ul>
</section></div></article></main></div>
</div>
<nav role="navigation" id="wh_topic_toc" aria-label="On this page" class="col-lg-2 d-none d-lg-block navbar d-print-none">
<div id="wh_topic_toc_content">
<div class=" wh_topic_toc "><div class="wh_topic_label">在本页上</div><ul><li class="section-item"><div class="section-title"><a href="#spienc_function__section_sw1_bvp_pdc" data-tocid="spienc_function__section_sw1_bvp_pdc">应用场景</a></div></li><li class="section-item"><div class="section-title"><a href="#spienc_function__section_vsw_dvp_pdc" data-tocid="spienc_function__section_vsw_dvp_pdc">方案介绍</a></div></li><li class="section-item"><div class="section-title"><a href="#spienc_function__section_gvt_wvp_pdc" data-tocid="spienc_function__section_gvt_wvp_pdc">开启防抄板功能</a></div></li><li class="section-item"><div class="section-title"><a href="#spienc_function__section_bmh_mq4_fdc" data-tocid="spienc_function__section_bmh_mq4_fdc">生成 eFuse 烧录固件</a></div></li><li class="section-item"><div class="section-title"><a href="#spienc_function__section_m1w_mq4_fdc" data-tocid="spienc_function__section_m1w_mq4_fdc">生成量产固件</a></div></li><li class="section-item"><div class="section-title"><a href="#spienc_function__section_dwt_zp4_fdc" data-tocid="spienc_function__section_dwt_zp4_fdc">量产</a></div></li></ul></div>
</div>
</nav>
</div>
</div>
</div>
<footer class="navbar navbar-default wh_footer">
<div class=" footer-container mx-auto ">
<title>footer def</title>
<style><!--
.p1 {
font-family: FangZhengShuSong, Times, serif;
}
.p2 {
font-family: Arial, Helvetica, sans-serif;
}
.p3 {
font-family: "Lucida Console", "Courier New", monospace;
}
--></style>
<div class="webhelp.fragment.footer">
<p class="p1">Copyright © 2019-2024 广东匠芯创科技有限公司. All rights reserved.</p>
</div><div>
<div class="generation_time">
Update Time: 2025-01-21
</div>
</div>
</div>
</footer>
<div id="go2top" class="d-print-none">
<span class="oxy-icon oxy-icon-up"></span>
</div>
<div id="modal_img_large" class="modal">
<span class="close oxy-icon oxy-icon-remove"></span>
<div id="modal_img_container"></div>
<div id="caption"></div>
</div>
<script src="${pd}/publishing/publishing-styles-AIC-template/js/custom.js" defer="defer"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink