- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- CST Encryption Failed under MinGW32
CST Encryption Failed under MinGW32
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
CST Encryption Failed under MinGW32
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're using CST 3.1.0 for image signing and encryption of i.MX RT 1060. When I tried to rebuild CST with encryption enabled in windows under MinGW32, it failed with the following error.
The command to build CST is as follows,
MINGW32 /NXP-MCUBootUtility-master/tools/cst/code/back_end/src $ gcc *.c -o cst.exe -I ../hdr -I ../../../../openssl/openssl-1.0.2t/openssl-1.0.2t/include/ -L ../../../mingw32/lib/ -L ../../../../openssl/openssl1.0.2t/openssl1.0.2t -lfrontend -lcrypto -lgdi32 -static
The error logs is given below and the full error log is attached as text file.
C:/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/9.2.0/../../../../i686-w64-mingw32/bin/ld.exe: C:/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/9.2.0/../../../../lib\libcrypto.a(ec_asn1.o):(.text+0x2d60): multiple definition of `ECDSA_SIG_get0'; C:\msys64\tmp\cchaaL0c.o:openssl_helper.c:(.text+0x49): first defined here
We would like to know that is there a way to obtain the encrypted CST binary(.exe) file directly or would has gone wrong in our build.
Thanks in advance.
kerryzhou
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Kanimozhi Thangappan ,
It seems you are using the NXP-MCUBootUtility, and want to configure the cst for the NXP MCUBootUtility right?
Could you tell me, what's the command you are referring to configure it, please also give me your reference document or link. From MCUbootUtility tool side?
BTW, which MinGW32 version you are using? Do you download the newest version from the following link:
Have a great day,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey kerryzhou ,
Thanks for showing interest in this.
Yes, we want to configure CST with encryption for NXP_MCUBootUtility.
The command used to rebuild cst.exe is,
MINGW32$ /NXP-MCUBootUtility-master/tools/cst/code/back_end/src $ gcc *.c -o cst.exe \ -I ../hdr -I ../../../../openssl/openssl-1.0.2t/openssl-1.0.2t/include/ \ -L ../../../mingw32/lib/ -L ../../../../openssl/openssl1.0.2t/openssl1.0.2t \ -lfrontend -lcrypto -lgdi32 -static
which is obtained from https://www.cnblogs.com/henjay724/p/10189593.html (Referred in GitHub - JayHeng/NXP-MCUBootUtility: A one-stop boot utility tool based on Python2.7+wxPython4.0, it... )
And finally, we used the "MINGW32_NT-10.0-18363 admin 3.0.7-338.x86_64 2019-07-11 10:58 UTC x86_64 Msys" version from the official website.
kerryzhou
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please try the following steps in the new downloaded cst and the openssl again:
1. Download the installation from the link: www.msys2.org and follow the instruction to install. The x86_64 is for 64-bit Windows, i686 is for 32-bit Windows. Select one of them best compatible with your Windows system.
2. Run MSYS2 by ticking “Run MSYS2 now” during the installation or run it manually by selecting “MSYS2 MSYS” from Start menu of Windows after installation.
3. Update the package database and core system package with:
pacman -Syu
4. Input y to install the update.
5. If needed, close MSYS2 terminal window and run it (MSYS2 MSYS) again from Start menu. Update the rest of the packages with:
pacman -Su
6. Install the standard packages needed to build operation with the below command, just press enter for a default selection for all.
pacman -S –-needed base-devel
7. Install the GNU compiler collection for 32-bit Windows with the below command. Press y to install all dependencies.
pacman -S mingw-w64-i686-gcc
8. Close MSYS2 terminal window and run MSYS2 MinGW 32-bit from Start menu to start the MingGW32 that’s the build environment for 32-bit Windows.
9. Check the environment to meet the requirement for 32-bit Windows:
gcc --version
perl --version
These steps are for buliding the OpenSSL libraries:
1. Download the latest openssl-1.0.x package from www.openssl.org. It’s openssl-1.0.2o.tar.gz currently.
2. Copy openssl-1.0.2o.tar.gz to your home folder that you can get by cd&pwd command in the MSYS2 shell window.
1. Run MSYS2 MinGW 32-bit from Start menu if MinGW32 isn’t running. Or run cd command to go home directory as current working directory if MinGW32 is running.
2. Extract the source code and build it with the following commands:
tar -zxvf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o
./config
make
3. Run the below command to check the libcrypto.a file is generated in the current folder.
ls -al | grep lib
4. Copy the ms/applink.c file to include/openssl folder at last.
cp ms/applink.c include/oppenssl
Now we can build the CST tool to enable the AES encryption feature. The current version of CST tool is 2.3.3 and can be download from www.nxp.com.
2. Download cst-2.3.3.tar.gz from www.nxp.com.
3. Copy cst-2.3.3.tar.gzto your home folder.
4. Run MSYS2 MinGW 32-bit from Start menu if MinGW32 isn’t running. Or run cd command to go home directory as current working directory if MinGW32 is running.
5. Extract the source code and build it with the following commands:
tar -zxvf cst-2.3.3.tar.gz
cd cst-2.3.3/code/back_end/src
gcc *.c -o cst.exe -I ../hdr -I ../../../../openssl-1.0.2o/include -L ../../../mingw32/lib -L ../../../../openssl-1.0.2o -lfrontend -lcrypto -lgdi32 -static
6. Run ls | grep cst command to list the cst.exe file generated in the previous command.
7. Copy the generated cst.exe file to overwrite the original one in the cst-2.3.3/mingw32/bin folder.
Until now, you already finished the CST configuration.
Then you can follow my post in this link to do the MCUBootutility configuration:
RT1050 HAB Encrypted Image Generation and Analysis
chapter 3.1 MCUBootUtility Configuration to check the RT Encrypted image.
Please try it on your side.
Have a great day,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
