I can successfully create a Yocto build for my i.MX8M-Plus board within a dockerized 64-bit Ubuntu 18.04 environment and boot the device.
Now I want to work on secure boot and so I am using CST Tool 3.3.2 to attempt to generate the signed binaries for imx-boot, and the kernel. The CST Tool signs the kernel just fine, but segmentation faults when trying to sign the imx-boot FIT image. The command that fails is shown below. I have tried several versions of CST tool and they all fail in the same way. What have I done wrong and how can I get this to work? Thank you!
developer@docker-desktop:/workspaces/cst-3.3.2/linux64/bin$ ./cst --version
Code Signing Tool Version: 3.3.2-development
Compiled with:
OpenSSL 1.1.1t 7 Feb 2023
OPENSSLDIR: "/opt/cst-ssl"
ENGINESDIR: "/opt/cst-ssl/lib/engines-1.1"
Segmentation Fault:
+ /workspaces/cst-3.3.2/linux64/bin/cst -i /home/developer/compulab-nxp-bsp/build-iot-gate-imx8plus/tmp/deploy/images/iot-gate-imx8plus/cst-tools/hab/signed/u/csf_spl.txt -o /home/developer/compulab-nxp-bsp/build-iot-gate-imx8plus/tmp/deploy/images/iot-gate-imx8plus/cst-tools/hab/signed/u/csf_spl.bin
../tools/csf.u: line 30: 28249 Segmentation fault ${CST} -i ${O}/csf_spl.txt -o ${O}/csf_spl.bin
Makefile:34: recipe for target 'hab/signed/u' failed
make: *** [hab/signed/u] Error 139
Line that causes segmentation fault:
${CST} -i ${O}/csf_spl.txt -o ${O}/csf_spl.bin
${CST} -i ${O}/csf_fit.txt -o ${O}/csf_fit.bin
Contents of csf_spl.txt:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MFG
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = \
"/home/developer/compulab-nxp-bsp/build-iot-gate-imx8plus/tmp/deploy/images/iot-gate-imx8plus/cst-tools/hab/flash.bin"
Hi @philbot9991
# Authenticate Start Address, Offset, Length and file
Blocks = \
"/home/developer/compulab-nxp-bsp/build-iot-gate-imx8plus/tmp/deploy/images/iot-gate-imx8plus/cst-tools/hab/flash.bin"
The start address, offset, and length for Authenticate Data seem to be missing.
Best regards
Harvey
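
A pre-flight check for the point raised in the reply above, as an added example that is not part of the thread and not NXP's code: it scans a CSF description and reports any [Authenticate Data] Blocks entry that lacks the start address, offset and length before the file name. The function name and the sample values are assumptions constructed for illustration.

```python
import re

NUM = r"(?:0x[0-9A-Fa-f]+|\d+)"
# One block: start address, offset, length, then the quoted file name.
BLOCK_RE = re.compile(rf'^{NUM}\s+{NUM}\s+{NUM}\s+"[^"]+"$')

def check_blocks(csf_text):
    """Return a list of problems found in [Authenticate Data] Blocks entries."""
    # Drop comment lines, then join backslash-continued lines.
    lines = [l for l in csf_text.splitlines() if not l.strip().startswith("#")]
    joined = re.sub(r"\\\s*\n", " ", "\n".join(lines))
    problems, section, seen = [], None, False
    for line in joined.splitlines():
        line = line.strip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "authenticate data" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() != "blocks":
            continue
        seen = True
        # Several blocks may be listed, separated by commas.
        for entry in (e.strip() for e in value.split(",")):
            if not BLOCK_RE.match(entry):
                problems.append('need: address offset length "file", got: ' + entry)
    if not seen:
        problems.append("no Blocks entry in [Authenticate Data]")
    return problems

# Constructed samples: BAD has the shape shown in the post, GOOD uses made-up numbers.
BAD = r'''
[Authenticate Data]
Verification index = 2
Blocks = \
"flash.bin"
'''
GOOD = r'''
[Authenticate Data]
Verification index = 2
Blocks = 0x1000 0x0 0x800 "flash.bin", \
         0x2000 0x800 0x400 "flash.bin"
'''

if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_blocks(text) or "ok")
```

Running it on the generated csf_spl.txt and csf_fit.txt before calling cst makes a missing address triple fail the build with a readable message.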