- Added gen-secure-msd-sig.sh to sign boot.img with private key using rpi-eeprom-digest - Added rpi-boot-secure.sh to load signed secure-boot mass storage gadget via rpiboot - Updated .gitignore to exclude usbboot/ directory - Updated README with secure boot CM4 unlock instructions
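#!/usr/bin/env bash
#
# Load the signed secure-boot mass-storage gadget onto a Compute Module 4
# over USB using rpiboot.
#
# Expected layout next to this script:
#   usbboot/rpiboot                     built rpiboot binary
#   usbboot/secure-boot-msd/boot.img    gadget boot image
#   usbboot/secure-boot-msd/boot.sig    signature file for boot.img
#
# Only boot.img and boot.sig are read here. The private signing key is not
# used by this script, so it does not need to be present on the host that
# runs it.
#
# The host-side checks below are a consistency preflight only. They do not
# verify the RSA signature; on a secure-boot-enabled CM4 that decision is
# made by the device, not by this script.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
USBBOOT_DIR="${SCRIPT_DIR}/usbboot"
MSD_DIR="${USBBOOT_DIR}/secure-boot-msd"
readonly SCRIPT_DIR USBBOOT_DIR MSD_DIR

# Print an error line followed by a hint line on stderr, then abort.
fail() {
  printf '%s\n' "Error: $1" "$2" >&2
  exit 1
}

# Print a non-fatal warning on stderr.
warn() {
  printf '%s\n' "Warning: $*" >&2
}

if [[ ! -d "${USBBOOT_DIR}" ]]; then
  fail "usbboot/ directory not found next to this script (${USBBOOT_DIR})." \
    " Please clone https://github.com/raspberrypi/usbboot into the project root."
fi

# -x alone is also true for a searchable directory, so require a regular file.
if [[ ! -f "${USBBOOT_DIR}/rpiboot" || ! -x "${USBBOOT_DIR}/rpiboot" ]]; then
  fail "rpiboot binary not found or not executable at ${USBBOOT_DIR}/rpiboot." \
    " Build it via: cd usbboot && make"
fi

if [[ ! -f "${MSD_DIR}/boot.img" ]]; then
  fail "${MSD_DIR}/boot.img not found." \
    " Use the usbboot secure-boot docs to generate a suitable boot.img."
fi

if [[ ! -f "${MSD_DIR}/boot.sig" ]]; then
  fail "${MSD_DIR}/boot.sig not found." \
    " Sign boot.img with your private key using rpi-eeprom-digest to create boot.sig."
fi

# Preflight: catch a boot.sig that does not belong to the current boot.img.
# rpi-eeprom-digest is expected to write the SHA-256 of the image as the first
# line of the .sig file and, when a key was supplied, an "rsa2048:" line.
# NOTE(review): format assumed from rpi-eeprom-digest; confirm against the
# version in use. Both checks only warn so existing workflows keep running.
if ! grep -q '^rsa2048:' "${MSD_DIR}/boot.sig"; then
  warn "boot.sig has no rsa2048 signature line; it may have been generated without a key."
fi

if command -v sha256sum >/dev/null 2>&1; then
  # Hash via stdin so the output never depends on how the path is printed.
  img_digest="$(sha256sum < "${MSD_DIR}/boot.img")"
  img_digest="${img_digest%% *}"
  sig_digest=""
  # read returns non-zero on a final line without a newline; keep the value.
  IFS= read -r sig_digest < "${MSD_DIR}/boot.sig" || true
  if [[ "${sig_digest}" != "${img_digest}" ]]; then
    warn "digest in boot.sig does not match boot.img; re-sign boot.img if it was rebuilt."
  fi
fi

# Quoted delimiter: the text is literal, nothing in it is expanded.
cat <<'EOF'
Put the CM4 into USB boot mode now:
- Power off the CM4
- Ensure the USB boot pins/jumper are set correctly
- Connect the USB cable to your host
- Apply power to the CM4

Waiting for device and loading secure-boot mass-storage gadget...
EOF

# rpiboot is pointed at the current directory, so enter the gadget directory
# first; under set -e a failed cd aborts before rpiboot is started.
cd "${MSD_DIR}"
"${USBBOOT_DIR}/rpiboot" -d .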