Hello community,
I want to use cst tool to sign binary images of my software and then use the same tool to verify the signed software( verify that they are signed correctly)
Is that possible with cst tool ?
Can anyone help me .
Hi @haGkiu ,
I hope you're doing well!
Can you let me know what processor are you using? And is it an EVK or a custom board?
Thank you.
Best regards,
Hector.
Hello,
I am using a phytec phycore card with an imx6q processor.
Hi @haGkiu ,
In order to verify/authenticate a signed image you can use the U-Boot command hab_auth_img.
3.4 Verifying HAB events
-------------------------
The U-Boot includes the hab_auth_img command which can be used for
authenticating and troubleshooting the signed image, zImage must be
loaded at the load address specified in the IVT.
- Authenticate additional image:
=> hab_auth_img <Load Address> <Image Size> <IVT Offset>
If no HAB events were found the zImage is successfully signed.
I'd recommend the following guide for secure boot in i.MX 6 devices: uboot-imx/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt at lf_v2022.04 · nxp-imx/uboot-imx · GitHub
Let me know if this was of any help.
Best regards,
Hector.
Hello,
I am working with barebox not u_boot , do you have any information on how to sign barebox with cst (so it can be authenticated by hab).
Hi @haGkiu ,
Other bootloaders besides our U-Boot are currently out of our scope of support, so we don't have any previous tests/guides/examples using barebox for our CST software. Our tools were also designed around our software in this case, but I won't be able to confirm 100% if the process would be the same or if some critical modifications would be needed to ensure barebox compatibility. Is there a particular reason to not use U-boot?
Best regards,
Hector.
Hello @hector_delgado ,
The company in which I work is using barebox as a boatloder on the project.
Do you have an idea if there is a tool I can use to sign barebox ( to be authenticated by HAB module on imx6 electronic cards).
Best regards,
Moufida.
Hi @haGkiu ,
From previous cases I've found the following link to barebox documentation which apparently has built in support for CST: https://www.barebox.org/doc/latest/boards/imx.html#high-assurance-boot
I can't guarantee full compatibility but I think it's worth to look at.
Thank you.
Best regards,
Hector.