Raspberry PI 4B HTTPS BOOT
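# Please comment below if you found this useful :)
#
# Builds an SD-card image that flashes a Raspberry Pi 4B bootloader EEPROM
# configured for HTTPS boot.
#
# Inputs expected in the current directory:
#   pieeprom-2024-04-17.bin  base EEPROM image that gets reconfigured
#   recovery.bin             copied onto the flasher image as-is
# Take both from a source you trust (e.g. the rpi-eeprom repository linked at
# the bottom) and verify them first: whatever goes into pieeprom.bin is what
# the board will run as its bootloader.
#
# Run this as a script with bash; pasted into an interactive shell, `set -e`
# would close that shell on the first failing command.
set -euo pipefail

# Fail early instead of producing a half-built image.
for required in pieeprom-2024-04-17.bin recovery.bin; do
  [[ -f "$required" ]] || {
    printf 'missing input file: %s\n' "$required" >&2
    exit 1
  }
done

# Create RSA signing key (that would later be used to create boot.sig served over https)
# The public half is embedded into the EEPROM below (-p), so anyone holding
# private-key.pem can sign boot images this board will accept. Generate it
# under a restrictive umask and keep it off the web server.
# NOTE(review): key size left at 2048 as in the original; the EEPROM signing
# tools presumably expect RSA-2048 - confirm before changing it.
(umask 077 && openssl genrsa -out private-key.pem 2048)
openssl rsa -in private-key.pem -pubout -out public-key.pem

# Create TLS cert (ec_key.pem & cert.der should be configured to the webserver of your choice)
# ec_key.pem is the server's TLS private key, so it gets the same umask.
# The certificate is self-signed and valid for 3650 days; its hash is pinned
# in the EEPROM config below, so replacing the certificate presumably means
# re-flashing the EEPROM - plan rotation accordingly.
(umask 077 && openssl ecparam -out ec_key.pem -name secp384r1 -genkey)
openssl req -new -key ec_key.pem -x509 -nodes -days 3650 -out cert.der -outform der

# Compute the pin outside the heredoc: a failure inside a heredoc command
# substitution would go unnoticed and write an empty HTTP_CACERT_HASH.
cert_hash=$(sha256sum cert.der | cut -f1 -d' ')
[[ "$cert_hash" =~ ^[0-9a-f]{64}$ ]] || {
  printf 'unexpected sha256 output for cert.der: %s\n' "$cert_hash" >&2
  exit 1
}

# BOOT_ORDER is read right to left: 7 = HTTP, 1 = SD card, f = restart.
# NOTE(review): the SD-card fallback is presumably not covered by the boot.sig
# check - confirm if physical access is part of your threat model.
cat > boot_conf.txt <<CONF
BOOT_UART=1
NET_INSTALL_ENABLED=0
HTTP_HOST=example.org
HTTP_PATH=whatever
HTTP_PORT=443
HTTP_CACERT_HASH=${cert_hash}
BOOT_ORDER=0xf17
CONF

# Embed the public key, config and CA certificate into the EEPROM image,
# then sign the result with the RSA key.
rpi-eeprom-config -p public-key.pem -c boot_conf.txt --cacertder cert.der -o pieeprom.bin pieeprom-2024-04-17.bin
rpi-eeprom-digest -k private-key.pem -i pieeprom.bin -o pieeprom.sig

# Build a 256M FAT image holding the flasher files (mtools, no root needed).
img=https_boot_flasher.img
truncate -s 256M "$img"
mformat -i "$img" -F ::
mcopy -i "$img" pieeprom.bin pieeprom.sig recovery.bin ::

# Burn https_boot_flasher.img to SD card and boot – wait until green light blinks constantly, then remove card and reboot
# There is a short explanation available in https://github.com/raspberrypi/rpi-eeprom/blob/master/firmware-2712/release-notes.md – the same seems to work on RPI4 too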