https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-CST-with-existing-DEK/m-p/2051128#M234449 <P>I am configuring encrypted boot for an i.MX8 ULP board. I'm using instructions from here:</P><P><A href="https://raw.githubusercontent.com/nxp-imx/uboot-imx/refs/heads/lf_v2024.04/doc/imx/ahab/guides/mx8ulp_9x_encrypted_boot.txt" target="_blank">https://raw.githubusercontent.com/nxp-imx/uboot-imx/refs/heads/lf_v2024.04/doc/imx/ahab/guides/mx8ulp_9x_encrypted_boot.txt</A></P><P>The CST tool generates a new Data Encryption Key (DEK) every time it is run, encrypts the container and saves the key in the file specified in the .csf file, overwriting any existing key.&nbsp; I want to be able to sign my containers using an existing DEK for which I have already generated the dek_blob.</P><P>How is that possible?</P> Tue, 25 Feb 2025 22:14:40 GMT ddresser 2025-02-25T22:14:40Z https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-CST-with-existing-DEK/m-p/2051128#M234449 <P>I am configuring encrypted boot for an i.MX8 ULP board. I'm using instructions from here:</P><P><A href="https://raw.githubusercontent.com/nxp-imx/uboot-imx/refs/heads/lf_v2024.04/doc/imx/ahab/guides/mx8ulp_9x_encrypted_boot.txt" target="_blank">https://raw.githubusercontent.com/nxp-imx/uboot-imx/refs/heads/lf_v2024.04/doc/imx/ahab/guides/mx8ulp_9x_encrypted_boot.txt</A></P><P>The CST tool generates a new Data Encryption Key (DEK) every time it is run, encrypts the container and saves the key in the file specified in the .csf file, overwriting any existing key.&nbsp; I want to be able to sign my containers using an existing DEK for which I have already generated the dek_blob.</P><P>How is that possible?</P> Tue, 25 Feb 2025 22:14:40 GMT https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-CST-with-existing-DEK/m-p/2051128#M234449 ddresser 2025-02-25T22:14:40Z