From: Stephen Warren <swarren@xxxxxxxxxx>
Expand documentation of --pkc, --gen-signed-msgs, and
--download-signed-msgs.
Clean up various capitalization issues.
Fix a typo, in the code too.
Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx>
---
src/main.c | 2 +-
src/tegrarcm.1.in | 66 ++++++++++++++++++++++++++++++++++++-------------------
2 files changed, 45 insertions(+), 23 deletions(-)
diff --git a/src/main.c b/src/main.c
index f20ab3a98729..b1111e7fb60e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -429,7 +429,7 @@ int main(int argc, char **argv)
if (entryaddr == 0) {
entryaddr = loadaddr;
}
- printf("booloader file: %s\n", blfile);
+ printf("bootloader file: %s\n", blfile);
printf("load addr 0x%x\n", loadaddr);
printf("entry addr 0x%x\n", entryaddr);
}
diff --git a/src/tegrarcm.1.in b/src/tegrarcm.1.in
index b7cba7f062fe..fdf43ccae64f 100644
--- a/src/tegrarcm.1.in
+++ b/src/tegrarcm.1.in
@@ -1,20 +1,42 @@
.TH tegrarcm 1 "29 November 2012" "tegrarcm-VERSION" "NVIDIA Tegra Firmware Download Tool"
.IX tegrarcm
.SH NAME
-tegrarcm \- tegra firmware download utility
+tegrarcm \- Tegra firmware download utility
.SH SYNOPSIS
.B tegrarcm
[
.I options
]
.SH DESCRIPTION
-This program is used to send code to a Tegra device in recovery mode.
-It also supports locked devices with pkc private key, such as Jetson
-tk1 board. It is not capable of flashing firmware to a device, but can
-be used to download firmware that is then capable of flashing. For
-example in ChromeOS tegrarcm is used to download a special build of
-u-boot to the target Tegra device with a payload that it then flashes
-to the boot device.
+This program is used to send code to a Tegra device in recovery mode. It
+supports both unlocked devices, and those locked with a PKC (private key). It
+is not capable of flashing firmware to a device, but can be used to download
+firmware that is then capable of flashing. For example in ChromeOS tegrarcm is
+used to download a special build of U-Boot to the target Tegra device with a
+payload that it then flashes to the boot memory device.
+
+Devices with PKC enabled may be handled in two different ways:
+
+.IP 1.
+Data may be signed on-the-fly, during communication with the Tegra device, by
+providing the \-\-pkc options. This method is the simplest, but requires access
+to the device's PKC during the download process.
+
+.IP 2.
+The signing and download steps may be separated. Signed data may first be
+prepared offline, without requiring access to a Tegra device, using the
+\-\-gen\-signed\-msgs option. The signed data may later be sent to a Tegra
+device using the \-\-download\-signed\-msgs option.
+
+Both of these steps require use of the \-\-gen\-signed\-msgs option to indicate
+where to write/read the signed messages. This option provides a base filename,
+to which various extensions will be appended, to form the final filenames for
+the various signed data/messages.
+
+This method is more complex, but allows separation of the download and signing
+processes. For example, a highly secure signing machine could generate the
+signed messages and pass them to a factory system for download to the Tegra
+device.
.SS Platforms supported
.IP \(bu
@@ -35,7 +57,7 @@ depending on the target board.
Find the appropriate BCT file for your board. For reference boards,
BCT files can be found in the L4T distribution from NVIDIA.
.IP \(em
-Build some firmware for your device (such as u-boot)
+Build some firmware for your device (such as U-Boot)
.IP \(em
Run tegrarcm to download the firmware
@@ -48,7 +70,7 @@ Read the BCT from the target device and write it to \fIbctfile\fP.
.TP
.B \-\-bct \fIbctfile\fP
Specify the BCT file to download to the Tegra device. This file contains
-memory configuation information for the board. BCT files can be
+memory configuration information for the board. BCT files can be
obtained through the NVIDIA L4T distribution or generated with
cbootimage and a proper configuration file.
.TP
@@ -86,7 +108,7 @@ Specify the physical USB port path of the Tegra device to control.
Specify the key file for secured devices. The private key should be in DER format.
.TP
.B \-\-gen\-signed\-msgs
-Generate signed messages for pkc secured devices.
+Generate signed messages for PKC secured devices.
.TP
.B \-\-signed\-msgs\-file \fImsg_file_prefix\fP
Specify messages file name prefix.
@@ -134,8 +156,7 @@ fi
Then, to determine the USB port path, do one of:
.IP 1.
-
-Execute udevmadm on the USB device, and look for the DEVPATH entry. The
+Execute udevadm on the USB device, and look for the DEVPATH entry. The
final component in the path is the USB port path:
.nf
@@ -148,7 +169,6 @@ E: DEVPATH=/devices/pci0000:00/0000:00:14.0/usb3/3-10/3-10.4
.fi
.IP 2.
-
Look at all the sub-directories of /sys/bus/usb/devices/* that do not
contain either ":" or "usb". Each of these will contain a busnum and
devnum file. Find the directory which matches the lsusb output, and use
@@ -172,12 +192,12 @@ connections are physically changed, so you can use it over and over
without repeating the steps above.
.SH EXAMPLES
-1) To download unsigned u-boot firmware to a Tegra20 seaboard:
+1) To download U-Boot to Seaboard, with no PKC enabled:
.nf
$ sudo tegrarcm --bct seaboard.bct --bootloader u-boot.bin --loadaddr 0x108000
bct file: seaboard.bct
-booloader file: u-boot.bin
+bootloader file: u-boot.bin
load addr 0x108000
entry addr 0x108000
device id: 0x7820
@@ -213,12 +233,12 @@ device id: 0x7820
reading BCT from system, writing to ventana.bct...done!
.fi
-3) To download with auto-signing u-boot.bin to jetson-tk1 target:
+3) To download U-Boot to Jetson TK1, with PKC enabled, in one step:
.nf
$ sudo tegrarcm --bct=jetson-tk1.bct --bootloader=u-boot.bin --loadaddr=0x83d88000 --pkc=rsa_priv.der
bct file: jetson-tk1-bct.bct
-booloader file: u-boot.bin
+bootloader file: u-boot.bin
load addr 0x83d88000
entry addr 0x83d88000
device id: 0x7140
@@ -245,11 +265,12 @@ sending file: u-boot.bin
u-boot.bin sent successfully
.fi
-4) To generate signed messages for jetson-tk1 target:
+4) To generate signed messages that will allow later downloading of U-Boot to
+Jetson TK1 with PKC enabled:
.nf
$ sudo tegrarcm --gen-signed-msgs --signed-msgs-file rel_1001.bin --bootloader=u-boot.bin --loadaddr 0x83d88000 --soc 124 --pkc rsa_priv.der
-booloader file: u-boot.bin
+bootloader file: u-boot.bin
load addr 0x83d88000
entry addr 0x83d88000
Create file rel_1001.bin.qry...
@@ -258,12 +279,13 @@ Create file rel_1001.bin.bl...
.fi
-5) To download signed messages to jetson-tk1 target:
+5) To download previously-generated signed messages to Jetson TK1 with PKC
+enabled:
.nf
$ sudo tegrarcm --download-signed-msgs --signed-msgs-file rel_1001.bin --bct=jetson-tk1-bct.bct --bootloader=u-boot.bin --loadaddr 0x83d88000
bct file: jetson-tk1-bct.bct
-booloader file: u-boot.bin
+bootloader file: u-boot.bin
load addr 0x83d88000
entry addr 0x83d88000
device id: 0x7140
--
2.7.3
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
