Using cst-tools signing *.out file

vijith_g1 · ‎07-09-2020

Hi,

I am using sbc connect core 6 board for my product development. I have to add security to my developed firmware application. Because we are planning to use secure update of the application firmware. For that we are planning to use cst-tools signing method. Please let me know using cst-tools can I sign the *.out file and verify in user space. Please let me know any other method ?

I am using Digi yocto build dey 2.4 version.

Thanks & Regards

Vijith G

Yuri · ‎07-10-2020

vijith.g@honeywell.com

Hello,

I've sent You some comments directly.

Regards,

Yuri.

vijith_g1 · ‎07-16-2020

I have some queries related to the document you have shared.

Verification and Authentication:

1: csf file where does come from?

2: In the machine authentication perform apart from signed image and srk efuse information is other any items to authenticate?

3: Document mentioned csf file to install certificates, in a machine which is not connected to internet, will this certificate installation happen?

4: Where will be Certifying authority (CA) in the authentication machine?

5: is csf file a signed application file?

Yuri · ‎07-20-2020

Hello,

below are my comments.

1) The CSF file in the document is just an (typical) example.

2) Yes - usually only signed image and the fuses are checked.

3,4) Since root (SRK) is local - no need for I-net.
5) CSF is text file, which will be converted to binary form to be checked by boot ROM.

Regards,

Yuri.

Using cst-tools signing *.out file

Using cst-tools signing *.out file

i.MX6Quad

Linux

Security

Yocto Project