https://community.nxp.com/t5/Layerscape/Code-Signing-Tool-with-a-Hardware-Security-Module/m-p/2358847#M16664 <P>I am aware that there are multiple versions of the code signing tool from different locations.</P><P>I currently am using the CST located at github.com/nxp-qoriq/cst. This appears to be version 2.0 and matches what documentation I seem to come across. I have also seen versions in the 3.* range as well as a 4.* version. From postings on the forums it seems these version 3 and 4 versions of CST can support a HSM through some configuration changes.</P><P>However, I can't seem to find an equivalent for CST 2.0? Can CST 2.0 utilize a HSM? If yes what steps would be required, if no, then can other versions of CST be used as drop in replacements?</P><P>I also noticed that the latest CST 4 doesn't appear to have actual source code available, or am I just looking in the wrong place? The precompiled binaries are only available for x86_64, but I'm developing natively on the LS1043A aarch64, so the precompiled binaries are obviously not an option. I don't mind building a different version, I just need to know where the source is and if there are any compatibility issues to be aware of?</P><P>Thank you for your time.</P> Wed, 29 Apr 2026 22:22:17 GMT endrunner_smw 2026-04-29T22:22:17Z https://community.nxp.com/t5/Layerscape/Code-Signing-Tool-with-a-Hardware-Security-Module/m-p/2358847#M16664 <P>I am aware that there are multiple versions of the code signing tool from different locations.</P><P>I currently am using the CST located at github.com/nxp-qoriq/cst. This appears to be version 2.0 and matches what documentation I seem to come across. I have also seen versions in the 3.* range as well as a 4.* version. From postings on the forums it seems these version 3 and 4 versions of CST can support a HSM through some configuration changes.</P><P>However, I can't seem to find an equivalent for CST 2.0? Can CST 2.0 utilize a HSM? If yes what steps would be required, if no, then can other versions of CST be used as drop in replacements?</P><P>I also noticed that the latest CST 4 doesn't appear to have actual source code available, or am I just looking in the wrong place? The precompiled binaries are only available for x86_64, but I'm developing natively on the LS1043A aarch64, so the precompiled binaries are obviously not an option. I don't mind building a different version, I just need to know where the source is and if there are any compatibility issues to be aware of?</P><P>Thank you for your time.</P> Wed, 29 Apr 2026 22:22:17 GMT https://community.nxp.com/t5/Layerscape/Code-Signing-Tool-with-a-Hardware-Security-Module/m-p/2358847#M16664 endrunner_smw 2026-04-29T22:22:17Z https://community.nxp.com/t5/Layerscape/Code-Signing-Tool-with-a-Hardware-Security-Module/m-p/2359491#M16666 <P>Hello,</P> <P>CST 2.0 does not have documented native HSM/PKCSsupport; for Layerscape the supported path is detached external signing with <CODE class="">--img_hash</CODE> plus <CODE class="">sign_embedding</CODE> , while i.MX CST 3.x/newer adds HSM features but is not verified as a drop-in replacement for QorIQ CST 2.0.</P> <P>&nbsp;</P> <P>Regards</P> Thu, 30 Apr 2026 22:55:24 GMT https://community.nxp.com/t5/Layerscape/Code-Signing-Tool-with-a-Hardware-Security-Module/m-p/2359491#M16666 Bio_TICFSL 2026-04-30T22:55:24Z