Linux command
rpi-otp-private-key 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Read the OTP private key
sudo rpi-otp-private-key
Write a private key
sudo rpi-otp-private-key -w [keyfile.bin]
Specify which row
sudo rpi-otp-private-key -y [56]
说明
rpi-otp-private-key reads or writes the customer-controlled 256-bit private key stored in the One-Time Programmable (OTP) memory of a Raspberry Pi's SoC. The key is used to sign or decrypt material as part of the Raspberry Pi secure boot chain (sometimes called "Customer OTP"). When invoked with no flags, it prints the currently programmed key as a 64-character hex string (or all zeros if it has not been programmed). With -w, it burns the supplied 32-byte file into OTP — this is permanent and cannot be undone, including after factory reset.
参数
- -w _file_
- Write the contents of _file_ (must be 32 bytes / 256 bits) to OTP memory. Permanent.
- -y _row_
- Override the default OTP row used to store the key.
- -c
- Check whether the OTP key has been programmed without printing it.
FAQ
What is the rpi-otp-private-key command used for?
rpi-otp-private-key reads or writes the customer-controlled 256-bit private key stored in the One-Time Programmable (OTP) memory of a Raspberry Pi's SoC. The key is used to sign or decrypt material as part of the Raspberry Pi secure boot chain (sometimes called "Customer OTP"). When invoked with no flags, it prints the currently programmed key as a 64-character hex string (or all zeros if it has not been programmed). With -w, it burns the supplied 32-byte file into OTP — this is permanent and cannot be undone, including after factory reset.
How do I run a basic rpi-otp-private-key example?
Run `sudo rpi-otp-private-key` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -w _file_ do in rpi-otp-private-key?
Write the contents of _file_ (must be 32 bytes / 256 bits) to OTP memory. Permanent.