Description of the Gecko bootloader files and security keys generated for the Lyra device

Answer

Please find below the naming description of:

  • Signed and unsigned binaries of the Bootloader.
  • Unsigned images of the Apploader and Application.
  • Other GBL files.
  • The scripts for creating the GBL files on both Linux and Windows.
  • The public and private keys that are used for signing the images.

The following list describes the files:

signing-key-tokens.txt - this file is used by commander to program devices during manufacturing. The tokens are public values generated from the specific private key, so there is no issue with outsiders obtaining them: they cannot be used to generate malware. The chip uses these tokens to validate signed images for the Second Stage Bootloader, Apploader and Application firmware received in the future. The key tokens come as an X,Y pair.

signing-key - this file is in Privacy Enhanced Mail (PEM) format, which is common for certificates on web servers, and is used here to store the private key. It must not be exposed to other users: anyone who gains access to the private key could generate images that the device would validate using the public keys generated from it. The private key should be stored securely. This file was used to sign the bootloader image.

signing-key.pub - this file contains the public key, which can be used to verify that the GBL files were generated by the correct private key. If the OTA upgrade were verified on another platform, such as a gateway or smartphone app, that platform would likely consume this PEM-encoded public key file.

app-sign-key.pem - this file is identical to the signing-key file and was used to sign the Apploader and Application images.
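
To confirm that signing-key-tokens.txt and signing-key.pub describe the same key before devices are programmed, the X,Y pair can be compared with the point stored in the PEM file. The Python below is an added example, not part of the original article or of the vendor's tooling; it assumes an ECDSA P-256 key, big-endian hex token values and token names ending in _X and _Y (the names in the sample are assumed), and uses the curve's base point as constructed sample data.

```python
import base64
import re

# DER prefix of a SubjectPublicKeyInfo holding an uncompressed P-256 point
# (id-ecPublicKey + prime256v1); the 65-byte point 0x04||X||Y follows it.
SPKI_P256_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

def point_from_pem(pem_text):
    """Return (x, y) from a PEM-encoded P-256 public key such as signing-key.pub."""
    body = "".join(l for l in pem_text.splitlines() if l and not l.startswith("-----"))
    der = base64.b64decode(body)
    if len(der) != 91 or not der.startswith(SPKI_P256_PREFIX) or der[26] != 4:
        raise ValueError("not an uncompressed P-256 SubjectPublicKeyInfo")
    return int.from_bytes(der[27:59], "big"), int.from_bytes(der[59:91], "big")

def point_from_tokens(token_text):
    """Return (x, y) from 'NAME_X : hex' / 'NAME_Y : hex' lines (assumed layout)."""
    found = dict(re.findall(r"^\s*\w+_([XY])\s*:\s*([0-9A-Fa-f]{64})\s*$", token_text, re.M))
    if set(found) != {"X", "Y"}:
        raise ValueError("token file must contain an X and a Y value")
    return int(found["X"], 16), int(found["Y"], 16)

def on_curve(x, y):
    """Check y^2 = x^3 - 3x + b (mod p), rejecting out-of-range coordinates."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x - 3 * x + B)) % P == 0

def tokens_match_public_key(token_text, pem_text):
    """True only if the token pair is a valid point and equals the key in the PEM."""
    point = point_from_tokens(token_text)
    return on_curve(*point) and point == point_from_pem(pem_text)

# Constructed sample: the P-256 base point stands in for a real public key,
# and the token names below are assumed, not taken from the article.
GX = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
GY = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"
SAMPLE_TOKENS = (f"# constructed sample\nMFG_SIGNED_BOOTLOADER_KEY_X : {GX}\n"
                 f"MFG_SIGNED_BOOTLOADER_KEY_Y : {GY}\n")
_der = SPKI_P256_PREFIX + b"\x04" + bytes.fromhex(GX + GY)
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(_der).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print("tokens match signing-key.pub:", tokens_match_public_key(SAMPLE_TOKENS, SAMPLE_PEM))
```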

create_bl_files.sh - this script targets the Linux platform and is included in the soc-empty template. It creates signed and unsigned GBL files.

create_bl_files.bat - this script targets the Windows platform and is included in the soc-empty template. It creates signed and unsigned GBL files.

application.gbl - unsigned GBL file for soc-empty application.

application-signed.gbl - signed GBL file for soc-empty application.

apploader.gbl - unsigned GBL file for Apploader.

apploader-signed.gbl - signed GBL file for Apploader.

full.gbl - unsigned GBL file for Apploader and soc-empty Application.

full-signed.gbl - signed GBL file for Apploader and soc-empty Application.

bootloader-storage-internal-single-512k.axf/bin/hex/s37/-crc.s37 - second stage bootloader unsigned image in different formats including CRC.

bootloader-storage-internal-single-512k-signed.s37 - second stage bootloader signed S-record image.

soc-empty.axf/bin/hex/s37 - soc-empty unsigned image in different formats.