The HSM Coding-Signing is new. When we follow the instructions in Code-Signing Tool User’s Guide , still has something to overcome, most of them are related to the OS.
Actually, Code-Signing Tool User’s Guide can not give detail every “obvious” step.
The purpose of this document is to share the experiences on my system.
Hope those experience can give you some clues on your system.
25JUL2024 - add pkcs11 proxy
HSM Code-Signing Journey_25JUL2024.pdf
HSM Code-Signing Journey_25JUL2024.txt
I have updated the document (HSM Code-Signing Journey_25JUL2024.pdf). It contains the content of pkcs11 proxy.
It can realize the server/client mode.
Regarding cst, the principles are based on common standards and knowledge.
The most important code of cst is how to assemble an image, the location that the ROM code knows security data.
You can read the document below, which is based on the imx reference manual published in www.nxp.com.
i.MX8X security overview and AHAB deep dive
https://community.nxp.com/t5/i-MX-Processors-Knowledge-Base/i-MX8X-security-overview-and-AHAB-deep-d...