Image signing keysΒΆ
TFM_S_KEY.json - private OEM key for signing CM0P image
TFM_S_KEY_PRIV.pem - private OEM key for signing CM0P image in PEM format
TFM_NS_KEY.json - private OEM key for signing CM4 image
TFM_NS_KEY_PRIV.pem - private OEM key for signing CM4 image in PEM format
The keys included in the repository are for reference and development only. DO NOT USE THESE KEYS IN ANY ACTUAL DEPLOYMENT!
Use cysecuretools to generate new key pairs defined by the policy file, for example:
cd platform/ext/target/cypress/psoc64/security
cysecuretools -t cy8ckit-064s0s2-4343w init
cysecuretools -t cy8ckit-064s0s2-4343w -p policy/policy_multi_CM0_CM4_tfm.json create-keys
Signing keys have to be provisioned to the board:
cysecuretools -t cy8ckit-064s0s2-4343w -p policy/policy_multi_CM0_CM4_tfm.json re-provision-device
Please refer to cysecuretools documentation and cypress_psoc64_spec.rst for more details.