- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- QorIQ处理平台
- :
- Layerscape
- :
- Code Signing Tool with a Hardware Security Module
Code Signing Tool with a Hardware Security Module
I am aware that there are multiple versions of the code signing tool from different locations.
I currently am using the CST located at github.com/nxp-qoriq/cst. This appears to be version 2.0 and matches what documentation I seem to come across. I have also seen versions in the 3.* range as well as a 4.* version. From postings on the forums it seems these version 3 and 4 versions of CST can support a HSM through some configuration changes.
However, I can't seem to find an equivalent for CST 2.0? Can CST 2.0 utilize a HSM? If yes what steps would be required, if no, then can other versions of CST be used as drop in replacements?
I also noticed that the latest CST 4 doesn't appear to have actual source code available, or am I just looking in the wrong place? The precompiled binaries are only available for x86_64, but I'm developing natively on the LS1043A aarch64, so the precompiled binaries are obviously not an option. I don't mind building a different version, I just need to know where the source is and if there are any compatibility issues to be aware of?
Thank you for your time.
已解决! 转到解答。
Bio_TICFSL
Hello,
CST 2.0 does not have documented native HSM/PKCSsupport; for Layerscape the supported path is detached external signing with --img_hash plus sign_embedding , while i.MX CST 3.x/newer adds HSM features but is not verified as a drop-in replacement for QorIQ CST 2.0.
Regards
Bio_TICFSL
Hello,
CST 2.0 does not have documented native HSM/PKCSsupport; for Layerscape the supported path is detached external signing with --img_hash plus sign_embedding , while i.MX CST 3.x/newer adds HSM features but is not verified as a drop-in replacement for QorIQ CST 2.0.
Regards
