• If you provide a private key with a length of 4096 bits, the command computes the
SHA512 digest, encrypts it with the provided key, and adds the result, together with the
provided UUID, to the appropriate image signature.
You can sign with two keys in the same command by providing keys with lengths of 2048 and 4096 bits.
The flags for the first private key and UUID are "--private_key" and "--key_uuid"; for the
second private key and UUID, use "--private_key2" and "--key_uuid2".
The motivation for signing with two keys is to allow a firmware update from both firmwares: the one
that supports only 2048-bit keys and the one that supports 4096-bit keys.
Examples:
# mstflint -i /tmp/image.bin sign --private_key privatekey.pem --key_uuid "e0129552-13ba-11e7-a990-0cc47a6d39d2"
# mstflint -i /tmp/image.bin sign --private_key privatekey_2048.pem --key_uuid "e0129552-13ba-11e7-a990-0cc47a6d39d2" --private_key2 privatekey_4096.pem --key_uuid2 "a0b43568-17cb-16e9-a990-0ff47a6d39e4"
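A pre-flight check for the two-key form of the sign command, as an added example that is not part of the original manual. The function names (rsa_bits, valid_uuid, check_pair, sign_dual) are hypothetical, and the canonical 8-4-4-4-12 UUID check is an assumption based on the UUIDs shown in the examples above; key sizes are read with openssl.

```shell
#!/bin/sh
# Added example: refuse to run a two-key "mstflint sign" unless the key pair
# is one 2048-bit and one 4096-bit RSA key and both UUIDs are well formed.

# rsa_bits FILE: print the RSA modulus length of a PEM private key, in bits.
# Prints nothing if the file is not a readable RSA private key.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# valid_uuid STRING: succeed only for the canonical 8-4-4-4-12 hex form
# (assumption: this is the form mstflint expects, as in the manual's examples).
valid_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# check_pair BITS1 UUID1 BITS2 UUID2: validate sizes and UUIDs for dual signing.
check_pair() {
    valid_uuid "$2" && valid_uuid "$4" || {
        echo "malformed key UUID" >&2
        return 1
    }
    case "$1/$3" in
        2048/4096|4096/2048) return 0 ;;
        *)  echo "need one 2048-bit and one 4096-bit key, got '$1' and '$3'" >&2
            return 1 ;;
    esac
}

# sign_dual IMAGE KEY1 UUID1 KEY2 UUID2: check first, then sign with both keys.
sign_dual() {
    check_pair "$(rsa_bits "$2")" "$3" "$(rsa_bits "$4")" "$5" || return 1
    mstflint -i "$1" sign --private_key "$2" --key_uuid "$3" \
        --private_key2 "$4" --key_uuid2 "$5"
}
```

Call it as: sign_dual /tmp/image.bin privatekey_2048.pem "<uuid1>" privatekey_4096.pem "<uuid2>". An unreadable or non-RSA key file yields an empty size and is rejected by check_pair.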
Setting a “Public Keys” Section in a Binary Image File
To override the public keys section in a given binary image file, use set_public_keys.
# mstflint -i /tmp/image.bin set_public_keys public_key.bin
Setting a "Forbidden Versions" Section in a Binary Image File
To override the forbidden versions section in a given binary image file, use set_forbidden_versions.
# mstflint -i /tmp/image.bin set_forbidden_versions forbidden_versions.bin
Secure Firmware Implications on Burning Tools
When Secure Firmware is enabled, the mstflint output changes slightly due to differences in
the underlying NIC access methods. Some functionality may be restricted according to the device
security level.
mstflint query under secure mode:
# mstflint -d 41:00.0 q
Image type:            FS3
FW Version:            12.19.2278
FW Release Date:       7.6.2017
Description:           UID                GuidsNumber
Base GUID:             7cfe90030029205e        4
Base MAC:              00007cfe9029205e        4
Image VSD:
Device VSD:
PSID:                  MT_2190110032
Security Attributes:   secure-fw, dev