- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- CST3.4.0 with HSM
CST3.4.0 with HSM
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
CST3.4.0 with HSM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using latest CST-3.4.0 & I want to explore the CST-3.4.0 with third party HSM. I configured openssl.cnf as like below,
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
#Path to the Compiled OpenSSL PKCS11 from OpenSC - libp11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /home/jbhaijy/digicert/smtools-linux-x64/smpkcs11.so
I run the CST with -b pkcs11 option to sign the images through HSM, but I am getting below errors.
./cst --verbose -b pkcs11 -i dev_spl.csf -o dev_spl.bin
Install SRK
Install CSFK
Certificate not found.
Public key certificate is invalid in file pkcs11:model=DigiCert%20PKCS%2311;manufacturer=DigiCert;serial=SS0123456789;token=Virtual%20PKCS%2311%20Token;id=%36%34%33%39%61%63%61%32%2D%35%36%61%30%2D%34%64%64%63%2D%39%36%30%39%2D%65%62%64%39%31%63%36%33%65%33%62%39;object=imx6-hab-csf2-key-test;type=private
Please help me identify the problems here.
Thanks for you support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jbhaijy how to get latest cst with hsm, unable to find the latest.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can download from https://www.nxp.com/search?keyword=IMX_CST_TOOL
Default this CST tool have HSM support but you need to configure your CSF to get it images signed from HSM.
Explore the documentation in this tool for further details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank for the reply.
We want to have CST signing solution for i.MX6 & i.MX8 both. Both are custom boards. I am running Ubuntu-22.04 VM.
hector_delgado
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jbhaijy ,
Have you followed all steps from our Application Note Using Code-Signing Tool with Hardware Security Module (https://www.nxp.com/webapp/Download?colCode=AN12812&location=null)?
Even though it's an old guide, I believe it should still apply to our current CST release.
Let me know if this was of any help.
Best regards,
Hector.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I followed the steps mentioned in the AN12812, Instead of SoftHSM we are using 3rd party HSM.
What could be the possible reasons?
Regards,
jbhaijy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hector_delgado
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jbhaijy ,
Could you try the following changes to your openssl.cnf file?
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
#Path to the Compiled OpenSSL PKCS11 from OpenSC - libp11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /home/jbhaijy/digicert/smtools-linux-x64/smpkcs11.so
init = 0
Let me know if it solves the issue.
Best regards,
Hector.
hector_delgado
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jbhaijy ,
I hope you're doing well!
What i.MX are you using? Is it a custom board or one of our EVKs? Also, what distro and version of Linux are you using in your host environment?
Best regards,
Hector.
