Hi,
I am using Code Signal Tool and i have followed the process on the User Guide and some other reference documents, but the image that the CST is generating is smaller than the original image that i am trying to sign and when analyzing the signed-image it only contains the sign data but no the data of the original image.
i am using fast authentication and below is the .csf file contents:
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../crts/SRK_1_table.bin"
Source index = 0
[Install NOCAK]
file = "../crts/SRK1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
#nothing
[Authenticate Data]
Verification index = 0
Blocks = 0x1800d00 0x000 0x7118 "/home/xxxx/boot.bin"
i am not clear about the data for blocks but the first parameter "0x1800d00" i am using the address where my boot.bin is located on the board.
the second parameter which is "0x000" i am trying to set the sign data at the beginning after that i am hopping to see the data on the original boot.bin.
the third parameter "0x7118" i am putting there the original image size (size of boot.bin).
Fourth parameter is the path where the original image to be signed is placed.
Why the generated signed image does not contains the data from the original boot.bin? Can someone clarify me what i am not understanding on the process or any other step needed to have my complete signed image?
Do I need to merge my original boot.bin with the binary CSF generated by my self?
Thanks in advance for response
Hi Igor,
thanks for your answer, i am using LS1028A according the tutorial it seems that the CSF tool does not generate i complete signed image, i need to concatenate both images to have a complete signed image.
i have another question, if i use fast authentication with NO encryption, and i have stored on the SRK fuse register the values on SRK_fuse.bin but i am not sure about the OTPMK, is the OTPMK needed? in case it is needed where can i find it? i read on the tutorial that it is a random value, so i just need to generate a random values from my self and store them there?
Hi mtapia88
for LS1028A seems it is necessary to post on appropriate for that processor
Layerscape Processors forum, as here supported i.MX processors:
https://community.nxp.com/t5/Layerscape/bd-p/Layerscape
Best regards
igor
Hi mtapia88
what processor used in the case. One can try to follow tutorial :
https://boundarydevices.com/high-assurance-boot-hab-dummies/
https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4?h=imx_v2020.04_5.4.70_2.3.0
Image layout is described in sect.4 Image layout AN4581
https://www.nxp.com/docs/en/application-note/AN4581.pdf
Best regards
igor