楼主 # 2025-09-08 19:48:50 分享评论
- xfdr0805
- 会员
- 注册时间: 2020-07-23
- 已发帖子: 345
- 积分: 383
有人测试过 d13x 加密方案吗?我试了下结果再也无法启动了
参照文档进行操作,结果再也无法烧录了,也无法运行。
Pre-boot 也看不到输出了 SPL也无法执行。密钥肯定正确,不知道哪个环节出了问题,请玩过的大佬指点一下,谢谢!
keys文件夹下的文件已经正确生成,镜像也打包成功,但是无法运行。
镜像配置文件
{
"spi-nor": { // Device, The name should be the same with string in image:info:media:type
"size": "8m", // Size of SPI NOR
"partitions": {
"spl": { "size": "256k" },
"os": { "size": "5m" },
"rootfs": { "size": "2m" }
},
},
"image": {
"info": { // Header information about image
"platform": "d13x",
"product": "wif_clock",
"version": "1.0.0",
"media": {
"type": "spi-nor",
"device_id": 0,
}
},
"updater": { // Image writer which is downloaded to RAM by USB
"psram": {
"file": "usbupg-psram-init.aic",
"attr": ["required", "run"],
"ram": "0x30044000"
},
"spl": {
"file": "bootloader.aic",
"attr": ["required", "run"],
"ram": "0x30100000"
},
},
"target": { // Image components which will be burn to device's partitions
"spl": {
"file": "bootloader.aic.enc",
"attr": ["mtd", "required"],
"part": ["spl"]
},
"os": {
"file": "d13x_os.itb.enc",
"attr": ["mtd", "required"],
"part": ["os"]
},
"rootfs": {
"file": "data.fatfs.enc",
"attr": ["mtd", "optional"],
"part": ["rootfs"]
},
},
},
"pre-process": { // Pre-proccess to generate image components from raw data
"aicimage": { // Create aic boot image
"usbupg-psram-init.aic": { // No loader, only PreBootProgram to initialize PSRAM
"head_ver": "0x00010001",
"resource": {
"private": "pbp_cfg.bin",
"pubkey": "keys/rsa_public_key.der",
"pbp": "d13x.pbp",
},
"encryption": {
"algo": "aes-128-cbc",
"key": "keys/aes-128-cbc-key.bin",
"iv": "keys/aes-128-cbc-iv.bin",
},
"ssk_derived_key": "true",
"signature": {
"algo": "rsa,2048",
"privkey": "keys/rsa_private_key.der",
},
},
"pbp_ext.aic": {
"head_ver": "0x00010001",
"resource": {
"pbp": "d13x.pbp",
"pubkey": "keys/rsa_public_key.der",
"private": "pbp_cfg.bin",
},
"encryption": {
"algo": "aes-128-cbc",
"key": "keys/aes-128-cbc-key.bin",
"iv": "keys/aes-128-cbc-iv.bin",
},
"ssk_derived_key": "true",
"signature": {
"algo": "rsa,2048",
"privkey": "keys/rsa_private_key.der",
},
// combine to use with loader.aic
"with_ext": "true",
},
"loader.aic": {
"head_ver": "0x00010001",
"loader": {
"file": "bootloader.bin",
"load address": "CONFIG_AIC_BOOTLOADER_LOAD_BASE",
"entry point": "CONFIG_AIC_BOOTLOADER_TEXT_BASE", // 256 byte aic header
},
"resource": {
"private": "pbp_cfg.bin",
"pubkey": "keys/rsa_public_key.der",
},
"encryption": {
"algo": "aes-128-cbc",
"key": "keys/aes-128-cbc-key.bin",
"iv": "keys/aes-128-cbc-iv.bin",
},
"ssk_derived_key": "true",
"signature": {
"algo": "rsa,2048",
"privkey": "keys/rsa_private_key.der",
},
},
},
"concatenate": { // cat files in order
"bootloader.aic": ["pbp_ext.aic", "loader.aic"],
},
"itb": { // Create itb image from its
"d13x_os.itb": {
"its": "d13x_os.its"
},
},
"data_crypt": {
"bootloader.aic.enc": {
"algo": "spienc-aes-128-ecb",
"file": "bootloader.aic", // File to be encrypted
"key": "keys/spi_aes.key", // Keys the same in eFuse
"nonce": "keys/spi_nonce.key", // Nonce the same in eFuse
"tweak": "0",
},
"env.bin.enc": {
"algo": "spienc-aes-128-ecb",
"file": "env.bin", // File to be encrypted
"key": "keys/spi_aes.key", // Keys the same in eFuse
"nonce": "keys/spi_nonce.key", // Nonce the same in eFuse
"tweak": "0",
},
"d13x_os.itb.enc": {
"algo": "spienc-aes-128-ecb",
"file": "d13x_os.itb", // File to be encrypted
"key": "keys/spi_aes.key", // Keys the same in eFuse
"nonce": "keys/spi_nonce.key", // Nonce the same in eFuse
"tweak": "0",
},
"data.fatfs.enc": {
"algo": "spienc-aes-128-ecb",
"file": "data.fatfs", // File to be encrypted
"key": "keys/spi_aes.key", // Keys the same in eFuse
"nonce": "keys/spi_nonce.key", // Nonce the same in eFuse
"tweak": "0",
},
},
},
}离线
楼主 #1 2025-09-09 09:35:28 分享评论
- xfdr0805
- 会员
- 注册时间: 2020-07-23
- 已发帖子: 345
- 积分: 383
Re: 有人测试过 d13x 加密方案吗?我试了下结果再也无法启动了
没人测试过官方提供的加密方案吗?
离线
#2 2025-09-09 19:32:03 分享评论
- gemrisk
- 会员
- 注册时间: 2024-09-04
- 已发帖子: 3
- 积分: 33
Re: 有人测试过 d13x 加密方案吗?我试了下结果再也无法启动了
@xfdr0805
spienc 的量产安全方案中,是不需要加下面这段代码的
"encryption": {
"algo": "aes-128-cbc",
"key": "keys/aes-128-cbc-key.bin",
"iv": "keys/aes-128-cbc-iv.bin",
},
"ssk_derived_key": "true"
离线
楼主 #3 2025-09-09 21:21:13 分享评论
- xfdr0805
- 会员
- 注册时间: 2020-07-23
- 已发帖子: 345
- 积分: 383
Re: 有人测试过 d13x 加密方案吗?我试了下结果再也无法启动了
@gemrisk
一开始我是没加,但是烧录后不能运行,参照demo就加上了,结果还是不能运行。
我只要固件加密还不需要硬件授权认证,SPI ENC [KEY NONCE ROTPK] 已经烧录好了。
离线
感谢为中文互联网持续输出优质内容的各位老铁们。
QQ: 516333132, 微信(wechat): whycan_cn (哇酷网/挖坑网/填坑网) service@whycan.cn