I'm working on secure boot on imx8mm processor and already built private keys public keys and SRK tables using cst tool.
I am looking at csf_spl/csf_fip template files and it seems it includes SRK table and CSF public key, IMG public key.
Then, when do we need to use the private keys generated by cst tool in signing process and booting / authenticating process?
I was reading a document i.MX 6 Linux High Assurance Boot (HAB) User's Guide.
On the first page, it says
The OEM can use an utility provided by Freescale to generate private key and corresponding public key pairs. For any system image they want to release, the private key is used to do the encryption.
And on the 3rd page, it also mentioned,
A CST tool is used to generate the CSF data, which includes public key, certificate, and instruction of authentication process.
Does it mean image signing with CSF data only needs public key in a certficate.
And private key is only needed to encrypt image.
Is this correct understanding? Otherwise it seems I misunderstand some part.
