CST Signing Process in Mode = HSM

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

CST Signing Process in Mode = HSM

ソリューションへジャンプ
1,370件の閲覧回数
jbhaijy
Contributor III

Hi,

I am signing the i.MX6 SPL & U-boot images through CST in Mode = HSM. I am able to sign the SPL & SPL is authenticated by i.MX6 HAB.

We also signed the i.MX6 u-boot but while flashing it got stuck with message failed.

jbhaijy_3-1706551175136.png

For u-boot signing we have process set to sign the u-boot with [Authenticate Data] for DCD block along with [Authenticate Data] for HAB Blocks in the CSF file.

jbhaijy_1-1706551105121.png

As per the document attached & discussed here as well, when we execute the CST in ‘Mode = HSM’ it generates the data_imgcsf.bin & data_csfsig.bin but the sig_request.txt is showing three unique_tag. I also confirmed that csf.bin(output of cst tool) is also having three unique_tag which I think there will be three signature needed to be replace with unique_tags. But the CST generated only data_imgcsf.bin & data_csfsig.bin. What will be the 3rd .bin which will get signed from HSM?

jbhaijy_2-1706551105140.png

After comparing HSM signed u-boot image with working u-boot(signed without HSM mode) it seems that the working u-boot also has three signatures but the HSM signed u-boot have only 2 signatures & missing one more signature in the u-boot.  

I think because of missing signature the the flashing got stuck & failed.

Request you to please help to solve this missing signature problem.

CST tool version: CST-3.4.0

Working OS: Ubuntu 18.04

 

Thanks,

jbhaijy

0 件の賞賛
返信
1 解決策
1,271件の閲覧回数
jbhaijy
Contributor III

Hi @hector_delgado ,

 

I have solved the problem by combining the two different [Authenticate Data] in one. Like below,

jbhaijy_0-1707804116568.png

In this case the CST generates signature binary for CSF commands & combined signature data binary for actual image.  

 

元の投稿で解決策を見る

0 件の賞賛
返信
4 返答(返信)
1,272件の閲覧回数
jbhaijy
Contributor III

Hi @hector_delgado ,

 

I have solved the problem by combining the two different [Authenticate Data] in one. Like below,

jbhaijy_0-1707804116568.png

In this case the CST generates signature binary for CSF commands & combined signature data binary for actual image.  

 

0 件の賞賛
返信
1,284件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @jbhaijy ,

Could you please let me know if you're using a third party HSM or are you using softhsm2 like the examples from our HSM guide? 

Thank you.

Best regards,
Hector.

0 件の賞賛
返信
1,272件の閲覧回数
jbhaijy
Contributor III

Hi @hector_delgado ,

I am using 3rd party HSM. 

 

Regards,

jbhaijy

0 件の賞賛
返信
1,341件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @jbhaijy ,

I hope you're doing well. Let me check this thoroughly and I'll get back to you as soon as possible. Also, just to be sure, i.MX 6 processors are to be used with HAB not AHAB (as it was implied with your attached document) but I'm sure you probably may have uploaded the wrong file even though you might have used the correct one for the signing process. 

Best regards,
Hector.

0 件の賞賛
返信