code signing tool

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

code signing tool

5,093 Views
praveen_bharath
Contributor II

Hello,

I am unable to sign my product code using the CST. The script fails while generating the CSF binary with an undefined error, and always its on line 2 or before. 

keys$ ../linux32/bin/cst --o csf-uboot.bin --i csf-uboot
error: line 2: syntax error

I understand the cst tool has a limitation that requires the command be run from the keys directory. I have had the u-boot.imx image moved to the keys directory. But that hasnt helped. I am missing something here?

Any help is appreciated.

Thanks

Labels (1)
Tags (1)
0 Kudos
Reply
3 Replies

4,105 Views
praveen_bharath
Contributor II

Hello,

I am past that issue. I am now able to build the csf file, sign the boot loader image. I flash using the manufacturing tool. However there is something wrong due to which the HAB is disabled during boot. 

Here is the CSF I am using (copied from AN4581). I am not sure if I can use the address in the example straight in my product. I have seen people posting their CSFs in the forum with all kinds of addresses and thats the reason for my doubt. The part we are using is IMX7 Dual and I used the linux32 bit version of cst to sign my image as I understand the IMX7 is a 32 bit device.

#Illustrative Command Sequence File Description
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../../crts/SRK_1_2_3_4_table.bin"
# Index of the key location in the SRK table to be installed
Source index = 0

[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877fb000 0x00000000 0x00054c00 "./u-boot-dtb.imx", \
0x00910000 0x0000002c 0x0000e040 "./u-boot-dtb.imx"

And here are the errors in hab_status

U-Boot 2017.03-g97b9227-dirty (Feb 28 2019 - 17:15:41 -0600)

CPU: Freescale i.MX7D rev1.2 996 MHz (running at 792 MHz)
CPU: Extended Commercial temperature grade (-20C to 105C) at 29C
Reset cause: POR
Model: ICU i.MX7D CE32 Board
Board: i.MX7D CE3.2 RevC
Watchdog enabled
DRAM: 512 MiB
PMIC: PFUZE3000 DEV_ID=0x30 REV_ID=0x11
MMC: FSL_SDHC: 0, FSL_SDHC: 1
*** Warning - bad CRC, using default environment

In: serial
Out: serial
Err: serial
flash target is MMC:1
Net: CPU Net Initialization Failed
No ethernet found.

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x00 0x00
0x00 0x00 0x0d 0x34 0x87 0x7f 0xb0 0x00
0x00 0x05 0x4c 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe0

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

=>

0 Kudos
Reply

4,105 Views
b36401
NXP Employee
NXP Employee

You can refer chapter 7 of this document
https://community.nxp.com/docs/DOC-340994
regarding to Code Signing Tool usage.

0 Kudos
Reply

1,860 Views
psbanga
Contributor I

I do not have access to that document. How do I get it?

I need information on all the config options for the file.

0 Kudos
Reply