How do use the Code Signing Tool (CST) on an encrypted blob?

keithartel · ‎03-31-2017

I'm working with the P4080 processor. I'm looking at the Freescale Linux SDK v1.7 For QorIQ Processors document, and in the ESBC Phase / Chain of Trust with Confidentiality section, it talks about encapsulation and decapsulation of images. However, what I would like to do is encapsulate an image and then create a CSF Header for that encapsulated blob. However, the Code Signing Tool (CST) runs on a Linux box and this encapsulation and decapsulation happens in U-Boot.

Is there a way for me to create a CSF Header for this encrypted blob that I create in U-Boot? Or is the best that I can do is what was done in the Product Execution / Chain of Trust with Confidentiality section where it creates CSF headers for the ESBC U-Boot Image and boot scripts but not for the images itself.

ufedor · ‎04-03-2017

> Is there a way for me to create a CSF Header for this encrypted blob that I create in U-Boot?

There is no such possibility.

keithartel · ‎04-03-2017

If there isn't such a possibility, then why does Figure 5-10 in the Trust Architecture 1.0 User's Guide and Figure 5-11 in the Trust Architecture 2.0 User's Guide show "Encypted images using blobs"? I'd like to be able to do what is shown there.

ufedor · ‎04-03-2017

Please create a Technical Case:

https://community.freescale.com/thread/381898

keithartel · ‎04-03-2017

I do have a technical case open for this. Please respond to me in that case.

ufedor · ‎04-03-2017

What is the Case number?

keithartel · ‎04-03-2017

00110865

ufedor · ‎04-03-2017

Please wait for the Case owner response.