cat > svb_manifest.yaml << EOF root_of_trust: key: /secure/root_key.pem algorithm: rsassa-pss stages: - name: spl path: spl.bin - name: uboot path: u-boot.bin EOF
sha256sum spl.bin > spl.hash sha256sum u-boot.bin > uboot.hash svb configs
config = "rollback_index": 1, "spl_digest": spl_hash, "uboot_digest": hashlib.sha256(open("u-boot.bin","rb").read()).hexdigest() cat > svb_manifest
# make_svb_config.py import json, hashlib with open("spl.hash") as f: spl_hash = f.read().split()[0] spl.hash sha256sum u-boot.bin >
openssl dgst -sha256 -sign private.pem -out svb_config.sig svb_config.json
json.dump(config, open("svb_config.json","w"))