Google Git
Sign in
pigweed/third_party/github/raspberrypi/picotool/9c01ac6d41633ed053202fbb9d3bf14aa7dbbf86^!/.
commit
9c01ac6d41633ed053202fbb9d3bf14aa7dbbf86
[log] [tgz]
author
William Vinnicombe <william.vinnicombe@raspberrypi.com>
Mon Jun 02 10:56:22 2025 +0100
committer
William Vinnicombe <william.vinnicombe@raspberrypi.com>
Mon Jun 02 10:56:22 2025 +0100
tree
2eeeb92392b46e698ef88a1332b768df1c43e931
parent
afe0f54ea5d27e4f203fdff046036d15d130d73f [diff]
OTP default encryption key page typo

OTP encryption key page defaults to 29, not 30

diff --git a/README.md b/README.md
index 376d3da..7fb46c1 100644
--- a/README.md
+++ b/README.md

@@ -665,7 +665,7 @@
         --otp-key-page
             Specify the OTP page storing the AES key (IV salt is stored on the next page)
         <page>
-            OTP page (default 30)
+            OTP page (default 29)
         <aes_key>
             AES Key Share or AES Key
         <iv_salt>

diff --git a/enc_bootloader/enc_bootloader.c b/enc_bootloader/enc_bootloader.c
index 60b0f42..bd72828 100644
--- a/enc_bootloader/enc_bootloader.c
+++ b/enc_bootloader/enc_bootloader.c

@@ -147,7 +147,7 @@
 #endif
 
 
-bi_decl(bi_ptr_int32(0, 0, otp_key_page, 30));
+bi_decl(bi_ptr_int32(0, 0, otp_key_page, 29));
 
 // The function lock_key() is called from decrypt() after key initialisation is complete and before decryption begins.
 // That is a suitable point to lock the OTP area where key information is stored.

diff --git a/enc_bootloader/enc_bootloader.elf b/enc_bootloader/enc_bootloader.elf
index d7eb8e8..e100748 100755
--- a/enc_bootloader/enc_bootloader.elf
+++ b/enc_bootloader/enc_bootloader.elf
Binary files differ

diff --git a/enc_bootloader/enc_bootloader_mbedtls.elf b/enc_bootloader/enc_bootloader_mbedtls.elf
index b3b2fbf..5c27863 100644
--- a/enc_bootloader/enc_bootloader_mbedtls.elf
+++ b/enc_bootloader/enc_bootloader_mbedtls.elf
Binary files differ

diff --git a/main.cpp b/main.cpp
index 7d5df3a..44e7d91 100644
--- a/main.cpp
+++ b/main.cpp

@@ -852,7 +852,7 @@
             option("--use-mbedtls").set(settings.encrypt.use_mbedtls) % "Use MbedTLS implementation of embedded bootloader (faster but less secure)" +
             (
                 option("--otp-key-page").set(settings.encrypt.otp_key_page_set) % "Specify the OTP page storing the AES key (IV salt is stored on the next page)" &
-                    integer("page").set(settings.encrypt.otp_key_page) % "OTP page (default 30)"
+                    integer("page").set(settings.encrypt.otp_key_page) % "OTP page (default 29)"
             ).force_expand_help(true) +
             (
                 option("--hash").set(settings.seal.hash) % "Hash the encrypted file" +