Family identifier including the chip revision. If revision is not present, latest revision is used as default.
Revision of silicon
[Deprecated] The final use of image, this setting is changing the style of offsets in final container.
Target memory for AHAB container
Output AHAB file name
The order of containers in the list defines the order in AHAB.
Must contain a minimum of 1 items
Binary Container format to add to AHAB image, Typically it could be used to add ELE Firmware.
The binary file that contains AHAB "mybinarycontainer.bin
Configurable Container format to add to AHAB image. This allow to configure all aspects of the AHAB container.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
"none" Defines which set is used to authenticate the container.
Which key from SRK set is being used.
Bitmask to indicate which SRKs to revoke. Bit set to 1 means revoke key. Bit 0 = revoke SRK0, bit 1 = revoke SRK1 etc. Example of revocation SRK0 and SRK1 - the value should be 0x03
This option defines runtime behavior of Glitch detector. Not supported by all devices and their ELE firmware.
- disabled: GDET is disabled after the first OEM container has been authenticated (default behavior)
- enabled_eleapi: Automatically enable GDET during all ELE API calls
- enabled: Leave GDET enabled
The value must be equal or greater than the version stored in fuses to allow loading this container.
Number used by Privileged Host Boot Companion (PHBC) to select between multiple images with same Fuse version field.
Private key used for sign the container header. Header can be signed by SRK. The referenced SRK must not have been revoked.
Signature provider configuration in format 'type=<sptype>;<key1>=<value1>;<key2>=<value2>'. The signature provider could be used instead of definition of 'signingkey'.
Array of image entries.
Must contain a minimum of 1 items
Must contain a maximum of 8 items
U-Boot SPL with optional DDR PHY tunning images
Image array default settings. Can be overridden by definitions that are hidden in the template:
loadaddress: 0x000000002049A000
imagetype: executable
coreid: cortex-a55
metadatastartcpuid: 2
hashtype: SHA384
Firmware for LPDDR4/5 memory in 1D mode.
Firmware for LPDDR4/5 memory in 2D mode.
Data for LPDDR4/5 memory in 1D mode.
Data for LPDDR4/5 memory in 2D mode.
SPL firmware
Offset in bytes from start of container header to beginning of the image. Zero value means automatic placing the image with proper alignment after previous one, this is recommended for serialdownloader mode. In case of XiP type of AHAB image, the loadaddress and entrypoint must correspond to this values. Example of setting of loadaddress - AHABIMAGEADDRESS+IMAGEOFFSET=LOADADDRESS. The Booting core images must be located after the other ones
Address the image is written to in memory (absolute address in system memory).
Image entry point (absolute address). Valid only for executable image types.
Kind of image.
Defines the core the image is dedicated for. Not all cores are supported for all families.
Determines, whether image is encrypted or not.
Boot flags controlling SCFW boot.
Resource ID of CPU to be started
Resource ID of the MU associated with the CPU
Partition ID of the partition to start
HASH type of image. All images in the container must have the same HASH type.
U-Boot ATF container definition
Image array default settings. Can be overridden by definitions that are hidden in the template:
loadaddress: 0x00000000204E0000
imagetype: executable
coreid: cortex-a55
metadatastartcpuid: 2
hashtype: SHA384
ARM Trusted Firmware binary file.
Offset in bytes from start of container header to beginning of the image. Zero value means automatic placing the image with proper alignment after previous one, this is recommended for serialdownloader mode. In case of XiP type of AHAB image, the loadaddress and entrypoint must correspond to this values. Example of setting of loadaddress - AHABIMAGEADDRESS+IMAGEOFFSET=LOADADDRESS. The Booting core images must be located after the other ones
Address the image is written to in memory (absolute address in system memory).
Image entry point (absolute address). Valid only for executable image types.
Kind of image.
Defines the core the image is dedicated for. Not all cores are supported for all families.
Determines, whether image is encrypted or not.
Boot flags controlling SCFW boot.
Resource ID of CPU to be started
Resource ID of the MU associated with the CPU
Partition ID of the partition to start
HASH type of image. All images in the container must have the same HASH type.
U-Boot container definition
Image array default settings. Can be overridden by definitions that are hidden in the template:
loadaddress: 0x0000000080200000
imagetype: executable
coreid: cortex-a55
metadatastartcpuid: 2
hashtype: SHA384
U-Boot binary file.
Offset in bytes from start of container header to beginning of the image. Zero value means automatic placing the image with proper alignment after previous one, this is recommended for serialdownloader mode. In case of XiP type of AHAB image, the loadaddress and entrypoint must correspond to this values. Example of setting of loadaddress - AHABIMAGEADDRESS+IMAGEOFFSET=LOADADDRESS. The Booting core images must be located after the other ones
Address the image is written to in memory (absolute address in system memory).
Image entry point (absolute address). Valid only for executable image types.
Kind of image.
Defines the core the image is dedicated for. Not all cores are supported for all families.
Determines, whether image is encrypted or not.
Boot flags controlling SCFW boot.
Resource ID of CPU to be started
Resource ID of the MU associated with the CPU
Partition ID of the partition to start
HASH type of image. All images in the container must have the same HASH type.
General Image Entry
Path to image binary (absolute/relative). In case that only Image Array entry without any data image is needed, Just do not use the image path.
Offset in bytes from start of container header to beginning of the image. Zero value means automatic placing the image with proper alignment after previous one, this is recommended for serialdownloader mode. In case of XiP type of AHAB image, the loadaddress and entrypoint must correspond to this values. Example of setting of loadaddress - AHABIMAGEADDRESS+IMAGEOFFSET=LOADADDRESS. The Booting core images must be located after the other ones
Address the image is written to in memory (absolute address in system memory).
Image entry point (absolute address). Valid only for executable image types.
Kind of image.
Defines the core the image is dedicated for. Not all cores are supported for all families.
Determines, whether image is encrypted or not.
Boot flags controlling SCFW boot.
Resource ID of CPU to be started
Resource ID of the MU associated with the CPU
Partition ID of the partition to start
HASH type of image. All images in the container must have the same HASH type.
SRK (Super Root key) table definition.
CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys
Table containing the used SRK records. All SRKs must be of the same type. Supported signing algorithms are: RSASSA-PSS, ECDSA or SM2. Supported hash algorithms: sha256, sha384, sha512, sm3. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096, sm2. Certificate may be of Certificate Authority.
Must contain a minimum of 4 items
Must contain a maximum of 4 items
Path to SRK Key file.
The file that contains AHAB certificate. It could be used already prepared binary form signed by SRK, or it is possible to use configuration YAML file of certificate and the AHAB export process it will export it itself.
Encryption blob container definition
The key identifier that has been used to generate DEK keyblob.
Data Encryption key size. Used for AES CBC-MAC (128/192/256 size)
Data Encryption key. Used for AES CBC-MAC (128/192/256 size). The HEX format is accepted
Wrapped Data Encryption key. Used for AES CBC-MAC (128/192/256 size). The HEX format is accepted. If NOT used, the empty keyblob is inserted into container and need to be updated later.