Hello,
I get the following error when I try to run the CST to connect to AWS CloudHSM.
./linux64/bin/cst -i u-boot.csf -o out/signed.bin -b pkcs11 --verbose
Install SRK
Authenticate data
[ERROR] CST: Error loading pkcs11 engine: could not load the shared library
In the code directory I notice there is a front_end and back_end-ssl. However, there is no back_end-pkcs11. Is the back_end-pkcs11 missing from 3.4.0? Or am I missing a configuration somewhere?
Also, the documentation for 3.4.0 mentions an example.csf file. However, there is no such example file.
The following is my csf file:
[Header]
Target = AHAB
Version = 1.0
Mode = HSM
[Install SRK]
# SRK table generated by srktool
File = "./crts/SRK1234table.bin"
# Public key certificate in PEM format
Source = "./crts/SRK1_sha384_secp384r1_v3_ca_crt.pem"
# Index of the public key certificate within the SRK table (0 .. 3)
Source index = 0
# Type of SRK set (NXP or OEM)
Source set = OEM
# bitmask of the revoked SRKs
Revocations = 0x0
[Authenticate Data]
# Binary to be signed generated by mkimage
File = "flash.bin"
# Offsets = Container header Signature block (printed out by mkimage)
Offsets = 0x0 0x90
Please advise how to fix this issue. Also, how does CST know where to find the pkcs11.so file?
