You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -16,30 +16,98 @@ Although this service can be used via raw vcmailbox commands the
16
16
recommended API is either the command line rpi-fw-crypto application
17
17
or the librpifwcrypto.so shared library.
18
18
19
-
**Build Instructions**
20
-
Install prerequisites with "sudo apt install cmake libgnutls28-dev"" - you need at least version 3.10.
21
-
22
-
-*mkdir build*
23
-
-*cd build*
24
-
-*cmake ..*
25
-
-*make*
26
-
-*sudo make install*
27
-
28
-
**Usage**
29
-
30
-
* rpi-fw-crypto -h (Displays usage instructions for all operations)
31
-
* rpi-fw-crypto get-num-otp-keys (Returns the number of OTP key slots)
32
-
* rpi-fw-crypto sign --in message.bin --key-id 1 --alg ec --out sig.bin (Signs message.bin with the device unique OTP key (id 1))
33
-
* rpi-fw-crypto get-key-status 1 (Gets the status of key-id 1)
34
-
* rpi-fw-crypto set-key-status 1 LOCKED (Blocks the raw OTP read API on this key until the device is rebooted)
35
-
* rpi-fw-crypto get-key-usage 1 (Gets the usage of key-id 1)
36
-
* rpi-fw-crypto set-key-usage 1 0x1 (Sets the usage of key-id 1 to RPI_CONNECT in OTP)
37
-
* rpi-fw-crypto hmac --in message.bin --key-id 1 --out hmac.bin (Generates the SHA256 HMAC of message.bin and OTP key id 1)
38
-
* rpi-fw-crypto pubkey --key-id 1 --out device-pub.der (Derives and retrieves the corresponding public key for the specified device private ECDSA P256 key)
39
-
* rpi-fw-crypto privkey --key-id 1 --out device-priv.der (Retrieves the device private key - in DER form - will error if key status is locked)
40
-
* rpi-fw-crypto genkey --key-id 1 --alg ec (Generates an ECDSA P256 key-pair and writes the private key to the OTP)
41
-
42
-
**Locking the device private key**
19
+
## Build Instructions
20
+
21
+
Install prerequisites with `sudo apt install cmake libgnutls28-dev` - you need at least version 3.10.
22
+
23
+
```
24
+
mkdir build
25
+
cd build
26
+
cmake ..
27
+
make
28
+
sudo make install
29
+
```
30
+
31
+
## Usage
32
+
33
+
Display usage instructions for all operations:
34
+
35
+
```
36
+
rpi-fw-crypto -h
37
+
```
38
+
39
+
Return the number of OTP key slots:
40
+
41
+
```
42
+
rpi-fw-crypto get-num-otp-keys
43
+
```
44
+
45
+
Sign message.bin with the device unique OTP key (id 1):
0 commit comments