HPM Signing is a project designed to facilitate the implementation of Hardware Platform Management (HPM.1, the IPM Controller Firmware Upgrade specification). This tool ensures the integrity and authenticity of firmware through a secure signing process.
- Scripts to generate a siging key pair
- Scripts to sign BIOS/CPLD This repository includes scripts to generate binary images following the HPM.1 specification. The HPM.1 specification is a standard for hardware platform management, particularly for IPM (Intelligent Platform Management) controllers. For more information on the HPM.1 specification, you can refer to the following links:
- Hardware Platform Management Overview
- HPM.1 IPM Controller Firmware Upgrade Specification
To use the HPM Signing tool, follow these steps:
- Create a RSA key pair:
A key pair private_key.pem and public_key.pem will be generated.
python3 keys.py
- For demo purpose, create a binary file using dd:
Feel free to skip this step, if you have a binary file to be signed.
dd if=/dev/random of=dummy.bin bs=4M count=1
- Check hpm_data.json file and change the value if necessary.
- Put everything together. Assume we have a BIOS binary dummy.bin with version 0x86:
The final HPM file out_file.hpm will be generated.
sudo python3 hpm.py -i dummy2.bin -o out_file.hpm --key private_key.pem -t BIOS -v 86 -f hpm_data.json
For any questions or feedback, please contact Jim Yuan.