Hello,
I am unable to sign my product code using the CST. The script fails while generating the CSF binary with an undefined error, and always its on line 2 or before.
keys$ ../linux32/bin/cst --o csf-uboot.bin --i csf-uboot
error: line 2: syntax error
I understand the cst tool has a limitation that requires the command be run from the keys directory. I have had the u-boot.imx image moved to the keys directory. But that hasnt helped. I am missing something here?
Any help is appreciated.
Thanks
Hello,
I am past that issue. I am now able to build the csf file, sign the boot loader image. I flash using the manufacturing tool. However there is something wrong due to which the HAB is disabled during boot.
Here is the CSF I am using (copied from AN4581). I am not sure if I can use the address in the example straight in my product. I have seen people posting their CSFs in the forum with all kinds of addresses and thats the reason for my doubt. The part we are using is IMX7 Dual and I used the linux32 bit version of cst to sign my image as I understand the IMX7 is a 32 bit device.
#Illustrative Command Sequence File Description
[Header]
Version = 4.2
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../../crts/SRK_1_2_3_4_table.bin"
# Index of the key location in the SRK table to be installed
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877fb000 0x00000000 0x00054c00 "./u-boot-dtb.imx", \
0x00910000 0x0000002c 0x0000e040 "./u-boot-dtb.imx"
And here are the errors in hab_status
U-Boot 2017.03-g97b9227-dirty (Feb 28 2019 - 17:15:41 -0600)
CPU: Freescale i.MX7D rev1.2 996 MHz (running at 792 MHz)
CPU: Extended Commercial temperature grade (-20C to 105C) at 29C
Reset cause: POR
Model: ICU i.MX7D CE32 Board
Board: i.MX7D CE3.2 RevC
Watchdog enabled
DRAM: 512 MiB
PMIC: PFUZE3000 DEV_ID=0x30 REV_ID=0x11
MMC: FSL_SDHC: 0, FSL_SDHC: 1
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
flash target is MMC:1
Net: CPU Net Initialization Failed
No ethernet found.
=> hab_status
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x00 0x00
0x00 0x00 0x0d 0x34 0x87 0x7f 0xb0 0x00
0x00 0x05 0x4c 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 2 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x00
0x00 0x00 0x00 0x20
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 3 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x2c
0x00 0x00 0x01 0xe0
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 4 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x7f 0xf4 0x20
0x00 0x00 0x00 0x01
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x42 0x33 0x0c 0xa0 0x00
0x00 0x00 0x00 0x00 0x87 0x80 0x00 0x00
0x00 0x00 0x00 0x04
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)
=>
You can refer chapter 7 of this document
https://community.nxp.com/docs/DOC-340994
regarding to Code Signing Tool usage.
I do not have access to that document. How do I get it?
I need information on all the config options for the file.