HSM Code-Signing Journey

1 Kudo

The HSM Coding-Signing is new. When we follow the instructions in Code-Signing Tool User’s Guide , still has something to overcome, most of them are related to the OS.

Actually, Code-Signing Tool User’s Guide can not give detail every “obvious” step.

The purpose of this document is to share the experiences on my system.

Hope those experience can give you some clues on your system.

25JUL2024 - add pkcs11 proxy

HSM Code-Signing Journey_25JUL2024.pdf

HSM Code-Signing Journey_25JUL2024.txt

shanthu_1306

Can you explain the NXP CST Tool signing process? I am using CST Version 3.4.0.
Where does the signing process occur? I also want to know about remote signing using HSM.
How does it work? Please explain in depth with reference documents.

BiyongSUN

I have updated the document (HSM Code-Signing Journey_25JUL2024.pdf). It contains the content of pkcs11 proxy.
It can realize the server/client mode.

Regarding cst, the principles are based on common standards and knowledge.
The most important code of cst is how to assemble an image, the location that the ROM code knows security data.

You can read the document below, which is based on the imx reference manual published in www.nxp.com.

i.MX8X security overview and AHAB deep dive
https://community.nxp.com/t5/i-MX-Processors-Knowledge-Base/i-MX8X-security-overview-and-AHAB-deep-d...

HSM Code-Signing Journey

HSM Code-Signing Journey

HSM Code-Signing Journey

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

i.MX6 All

i.MX8ULP