CST Signing Process in Mode = HSM

jbhaijy
Contributor III

Hi,

I am signing the i.MX6 SPL & U-boot images through CST in Mode = HSM. I am able to sign the SPL & SPL is authenticated by i.MX6 HAB.

We also signed the i.MX6 u-boot but while flashing it got stuck with message failed.

jbhaijy_3-1706551175136.png

For u-boot signing we have process set to sign the u-boot with [Authenticate Data] for DCD block along with [Authenticate Data] for HAB Blocks in the CSF file.

jbhaijy_1-1706551105121.png

As per the attached document & as discussed here as well, when we execute the CST in ‘Mode = HSM’ it generates data_imgcsf.bin & data_csfsig.bin, but sig_request.txt shows three unique_tag entries. I also confirmed that csf.bin (output of the cst tool) also has three unique_tag entries, so I think three signatures will be needed to replace the unique_tags. But the CST generated only data_imgcsf.bin & data_csfsig.bin. What will be the 3rd .bin which will get signed by the HSM?

jbhaijy_2-1706551105140.png

After comparing the HSM-signed u-boot image with a working u-boot (signed without HSM mode), it seems that the working u-boot has three signatures but the HSM-signed u-boot has only 2 signatures & is missing one signature.

I think because of the missing signature the flashing got stuck & failed.

Request you to please help to solve this missing signature problem.

CST tool version: CST-3.4.0

Working OS: Ubuntu 18.04

 

Thanks,

jbhaijy

0 Kudos
1 Solution
jbhaijy
Contributor III

Hi @hector_delgado ,

 

I have solved the problem by combining the two different [Authenticate Data] into one, like below:

jbhaijy_0-1707804116568.png

In this case the CST generates a signature binary for the CSF commands & a combined signature data binary for the actual image.

 

0 Kudos
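
Why the split CSF asked for three signatures and the combined one for two, as an added example that is not part of the thread or of NXP's CST: a minimal parser for the HAB4 CSF command layout that lists every Authenticate Data command, each of which carries its own signature offset. The two sample CSFs, their block addresses and offsets are constructed for illustration; [Authenticate CSF] is represented as an Authenticate Data command with no blocks.

```python
import struct

HAB_TAG_CSF, HAB_CMD_INS_KEY, HAB_CMD_AUT_DAT = 0xD4, 0xBE, 0xCA  # HAB4 tags

def list_auth_data(csf: bytes):
    """Return one entry per Authenticate Data command in a HAB4 CSF."""
    if len(csf) < 4:
        raise ValueError("too short for a CSF header")
    tag, total, _version = struct.unpack_from(">BHB", csf, 0)
    if tag != HAB_TAG_CSF or not 4 <= total <= len(csf):
        raise ValueError("not a HAB4 CSF header")
    found, off = [], 4
    while off < total:
        if total - off < 4:
            raise ValueError(f"truncated command at offset {off:#x}")
        cmd, length, _flags = struct.unpack_from(">BHB", csf, off)
        if length < 4 or off + length > total:
            raise ValueError(f"bad command length at offset {off:#x}")
        if cmd == HAB_CMD_AUT_DAT:
            if length < 12 or (length - 12) % 8:
                raise ValueError(f"malformed Authenticate Data at {off:#x}")
            # key index, signature format, engine, engine config, signature offset
            key, _pcl, _eng, _cfg, sig = struct.unpack_from(">BBBBI", csf, off + 4)
            blocks = [struct.unpack_from(">II", csf, p)
                      for p in range(off + 12, off + length, 8)]
            found.append({"key": key, "sig_offset": sig, "blocks": blocks})
        off += length
    return found

# --- constructed sample data (not taken from the thread's screenshots) ---
def _cmd(tag, body):
    return struct.pack(">BHB", tag, 4 + len(body), 0) + body

def _aut(key, sig_offset, blocks):
    body = struct.pack(">BBBBI", key, 0xC5, 0, 0, sig_offset)  # 0xC5 = CMS format
    return _cmd(HAB_CMD_AUT_DAT, body + b"".join(struct.pack(">II", *b) for b in blocks))

def _csf(*cmds):
    body = b"".join(cmds)
    return struct.pack(">BHB", HAB_TAG_CSF, 4 + len(body), 0x43) + body

KEY = _cmd(HAB_CMD_INS_KEY, bytes(8))  # stand-in Install Key command, skipped by the parser
DCD, IMG = (0x00910000, 0x1E8), (0x877FF400, 0x7F000)  # constructed (address, size) blocks
SPLIT_CSF = _csf(KEY, KEY, _aut(1, 0x58, []), KEY, _aut(2, 0x4D8, [DCD]), _aut(2, 0x958, [IMG]))
COMBINED_CSF = _csf(KEY, KEY, _aut(1, 0x50, []), KEY, _aut(2, 0x4D0, [DCD, IMG]))

if __name__ == "__main__":
    for name, csf in (("split", SPLIT_CSF), ("combined", COMBINED_CSF)):
        print(name, "signatures needed:", len(list_auth_data(csf)))
```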
hector_delgado
NXP TechSupport

Hi @jbhaijy ,

Could you please let me know if you're using a third-party HSM or softhsm2 like the examples from our HSM guide?

Thank you.

Best regards,
Hector.

0 Kudos
jbhaijy
Contributor III

Hi @hector_delgado ,

I am using 3rd party HSM. 

 

Regards,

jbhaijy

0 Kudos
hector_delgado
NXP TechSupport

Hi @jbhaijy ,

I hope you're doing well. Let me check this thoroughly and I'll get back to you as soon as possible. Also, just to be sure, i.MX 6 processors are to be used with HAB not AHAB (as it was implied with your attached document) but I'm sure you probably may have uploaded the wrong file even though you might have used the correct one for the signing process. 

Best regards,
Hector.

0 Kudos