FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

When will the tools support openssl 3?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

When will the tools support openssl 3?

Jump to solution
‎09-29-2023 12:32 AM
1,558 Views
mastupristi
Senior Contributor I

the latest version of cst that I have the sources for is 3.3.2. It requires openssl1.1.1t.
This very much constrains the versions of ubuntu on which it is possible to compile it.
For example, the ubuntu 20.04 LTS integrates openssl1.1.1f, while the ubuntu 22.04 LTS uses openssl 3.0.2
The last non-LTS ubuntu that has openssl 1.1 (1.1.1l) is 21.10, which is no longer supported as of 2022-07-14.
For about two years ubuntu no longer uses openssl1.1, also since September openssl 1.1.1 has been declared obsolete (see https://www.openssl.org/blog/blog/2023/09/11/eol-111/)

I could download openssl sources but (I already tried) in some cases they conflict with the openssl3 installation I have on my machines. Especially trying to use HSM tokens with pkcs11 interface.

Basically you MUST update your tools so that they can use openssl 3.x

do you have it on the roadmap yet?
When can we hope to have the tools updated?

 

best regards

Max

Tags (2)
0 Kudos
Reply
1 Solution

Jump to solution
‎09-29-2023 06:28 AM
1,524 Views
liborukropec
NXP Employee
NXP Employee

Hi Max,

who are the cst maintainers? Where can I ask these questions?

I already asked internally for the answer, unfortunately who can help is in different time zone.

roadmap for the release of SPSDK 2.0

it was in the link, SPSDK 2.0 should be at the end of the September. I know, it is almost the end so in a week or two or so.

This is the community for SPSDK, you can ask here: https://community.nxp.com/t5/Secure-Provisioning-SDK-SPSDK/tkb-p/SPSDK

consequently that for Provisioning Tool v8

I cannot say exact date, let's say v8 won't be earlier than in January 2024; realistic time frame is in the middle of Q1 24 (this is not an official promise of public release).

 

Regards,

Libor

View solution in original post

0 Kudos
Reply
5 Replies

Jump to solution
‎09-29-2023 12:58 AM
1,549 Views
liborukropec
NXP Employee
NXP Employee

Hello Max,

in Secure Provisioning Tool we do not maintain CST, we just use it as it is. Also for the upcoming version we are going to remove the dependency on the CST completely and we will use SPSDK only. Only for the i.MX we've used CST and starting v8 SPSDK should cover all supported families.

 

Please note that SPSDK has a possibility to create a custom plugin - Signature Provider, where one can integrate e.g. custom HSM.

This should be improved in SPSDK 2.0 and hopefully integrated into Secure Provisioning Tool later on.

- https://spsdk.readthedocs.io/en/latest/examples/signature_prov.html

- https://community.nxp.com/t5/Secure-Provisioning-SDK-SPSDK/tkb-p/SPSDK

 

Regards,

Libor

0 Kudos
Reply

Jump to solution
‎09-29-2023 04:23 AM
1,544 Views
mastupristi
Senior Contributor I

in Secure Provisioning Tool we do not maintain CST, we just use it as it is

It is my understanding that cst was developed and maintained by NXP, at least up to version 3.3.2

I will take a look at SPSDK.

what is the roadmap for the release of SPSDK 2.0, and consequently that for Provisioning Tool v8?

 

regards

Max

0 Kudos
Reply

Jump to solution
‎09-29-2023 05:52 AM
1,534 Views
liborukropec
NXP Employee
NXP Employee

It is my understanding that cst was developed and maintained by NXP, at least up to version 3.3.2

It is true, CST is from NXP, by statement:

in Secure Provisioning Tool we do not maintain CST,

I meant that we, developers of Secure Provisioning Tool (NXP), do not maintain CST tool (NXP) so I cannot comment technical details of the CST internals.

 

Regards,

Libor

0 Kudos
Reply

Jump to solution
‎09-29-2023 06:03 AM
1,531 Views
mastupristi
Senior Contributor I

who are the cst maintainers? Where can I ask these questions?

However, you can answer the other questions:

what is the roadmap for the release of SPSDK 2.0, and consequently that for Provisioning Tool v8?

regards

Max

0 Kudos
Reply

Jump to solution
‎09-29-2023 06:28 AM
1,525 Views
liborukropec
NXP Employee
NXP Employee

Hi Max,

who are the cst maintainers? Where can I ask these questions?

I already asked internally for the answer, unfortunately who can help is in different time zone.

roadmap for the release of SPSDK 2.0

it was in the link, SPSDK 2.0 should be at the end of the September. I know, it is almost the end so in a week or two or so.

This is the community for SPSDK, you can ask here: https://community.nxp.com/t5/Secure-Provisioning-SDK-SPSDK/tkb-p/SPSDK

consequently that for Provisioning Tool v8

I cannot say exact date, let's say v8 won't be earlier than in January 2024; realistic time frame is in the middle of Q1 24 (this is not an official promise of public release).

 

Regards,

Libor

0 Kudos
Reply