cst(code signing tool) binary issue


536 Views
rakesh3
Contributor V

Hi team,

 

I am using the imx8qxp-mek board and implementing the secure-boot.

So, I am following this doc for signing the uboot 

https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.t...

I am using the debian yocto environment for build package.

I have to use the cst binary to sign the uboot-atf file, which I am using in the uboot debian/rules file.

Below is my code snippet for signing the uboot-atf

ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
endif

override_dh_auto_build:

	$(MAKE) $(PARALLEL_BUILD) -C tools/imx/ SOC=${IMX8_SOC} REV=C0 u-boot-atf-container.img
	@echo "--- Copy uboot-atf ---"
	set -x
	cp tools/imx/${IMX8_SOC_DIR}/u-boot-atf-container.img release/linux64/
	@echo "--- Sign the uboot-atf ---"
	cd release/linux64/ && \
	echo "---- Current directory: $$(pwd) ---" && \
	ls -l && \
	bash ./bin/cst -i csf_uboot_atf.txt -o signed-u-boot-atf-container.img

 

But while doing this I am getting the error saying below.

./bin/cst: ./bin/cst: cannot execute binary file

Could you please give some suggestion on this issue? I am unable to run the cst binary!

Is this because cst is not supported on ARM64 or platform issue? 

How to achieve this uboot-atf signing and then using this further for imx-mkimage flash_spl build?

Your input on this would really be helpful.

 

Regards,

Rk

0 Kudos
2 Replies

480 Views
Harvey021
NXP TechSupport

No support for ARM platform as I know so far. 

As you see these platform supported.  linux32 mingw32 linux64 osx

 

Best regards

Harvey

0 Kudos
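
A preflight check for the platform question above, as an added example that is not part of the thread or of NXP's tooling: it reads the ELF header of a tool and compares its target CPU with the build host. The function names are hypothetical and the sample header stub is constructed test data.

```shell
#!/bin/sh
# make_sample_elf FILE OCTAL: write a constructed 20-byte little-endian ELF64
# header stub whose e_machine low byte is OCTAL (test data, not a program).
make_sample_elf() {
    # 16 bytes of e_ident, 2 bytes of e_type, then e_machine (low, high)
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000'"$2"'\000' > "$1"
}

# elf_machine FILE: print x86, x86_64, arm, aarch64, unknown(N) or not-elf.
elf_machine() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')   # EI_DATA: 1 = LE, 2 = BE
    set -- $(od -An -tu1 -j18 -N2 "$f")              # e_machine, two bytes
    [ $# -eq 2 ] || { echo "not-elf"; return 1; }
    if [ "$data" = "2" ]; then m=$(($1 * 256 + $2)); else m=$(($1 + $2 * 256)); fi
    case $m in
        3)   echo "x86" ;;
        40)  echo "arm" ;;
        62)  echo "x86_64" ;;
        183) echo "aarch64" ;;
        *)   echo "unknown($m)" ;;
    esac
}

# host_machine: uname -m mapped onto the same names.
host_machine() {
    case $(uname -m) in
        i?86)          echo "x86" ;;
        x86_64|amd64)  echo "x86_64" ;;
        arm|armv*)     echo "arm" ;;
        aarch64|arm64) echo "aarch64" ;;
        *)             uname -m ;;
    esac
}

# check_tool_arch FILE [HOST]: 0 on exact match, 1 on mismatch, 2 if not ELF.
# Strict comparison: 32-bit-on-64-bit compatibility is not considered.
check_tool_arch() {
    arch=$(elf_machine "$1") || { echo "$1: not an ELF binary"; return 2; }
    host=${2:-$(host_machine)}
    if [ "$arch" = "$host" ]; then echo "ok: $1 is $arch"; return 0; fi
    echo "mismatch: $1 is $arch, host is $host"; return 1
}

# Demo on constructed data: an x86_64 stub checked against an aarch64 host.
tmp=$(mktemp -d)
make_sample_elf "$tmp/tool" '\076'
check_tool_arch "$tmp/tool" aarch64 || true
rm -rf "$tmp"
```

Run the tool directly when testing it: `bash <file>` on any ELF binary prints `cannot execute binary file` whatever its architecture, because bash tries to read the file as a script.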

444 Views
rakesh3
Contributor V

Hi @Harvey021 ,

 

While running the ahab_pki_tree.sh on imx8qxp board, I am getting below error.

release/linux64# ./ahab_pki_tree.sh

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for NXP's
Advanced High Assurance Boot. It generates a basic PKI tree. The
PKI tree consists of one or more Super Root Keys (SRK), with each
SRK having one subordinate keys:
+ a Signing key (SGK)
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: y
Enter length for elliptic curve to be used for PKI tree:
Possible values p256, p384, p521: p384
Enter the digest algorithm to use: sha384
Enter PKI tree duration (years): 5
Do you want the SRK certificates to have the CA flag set? (y/n)?: y

+++++++++++++++++++++++++++++++++++++
+ Generating CA key and certificate +
+++++++++++++++++++++++++++++++++++++

Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(../ca/openssl.cnf, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
Can't open "temp_ca.pem" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(temp_ca.pem, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
Can't open "temp_ca.pem" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(temp_ca.pem, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
rm: cannot remove 'temp_ca.pem': No such file or directory

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

read EC key
writing EC key
Using configuration from ../ca/openssl.cnf
Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(../ca/openssl.cnf, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:

++++++++++++++++++++++++++++++++++++++++
+ Generating SGK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

read EC key
writing EC key
Using configuration from ../ca/openssl.cnf
Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or director

 

Am I missing anything here?

Could you please suggest on this.

Regards,

Rk

0 Kudos
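
The checks below cover what the banner and the errors above show the script depends on: openssl on the search path, `../ca/openssl.cnf` relative to the directory the script is started from, and a `key_pass.txt` holding the password twice. This is an added example, not part of the thread or of the CST package; `pki_preflight` is a hypothetical helper, and the location of `key_pass.txt` in the start directory is an assumption.

```shell
#!/bin/sh
# pki_preflight [DIR]: DIR is the directory ahab_pki_tree.sh will be started in.
# Prints one line per problem found; returns 0 only when there are none.
pki_preflight() {
    dir=${1:-.}
    problems=0
    note() { echo "problem: $1"; problems=$((problems + 1)); }

    # The banner states that openssl must be on the search path.
    command -v openssl >/dev/null 2>&1 || note "openssl not found in PATH"

    # The script opens this path relative to the current directory.
    [ -r "$dir/../ca/openssl.cnf" ] || note "missing ../ca/openssl.cnf"

    # key_pass.txt holds the password repeated twice (location is an assumption).
    pass="$dir/key_pass.txt"
    if [ ! -r "$pass" ]; then
        note "missing key_pass.txt"
    else
        l1=$(sed -n 1p "$pass"); l2=$(sed -n 2p "$pass")
        { [ -n "$l1" ] && [ "$l1" = "$l2" ]; } ||
            note "key_pass.txt lines differ or are empty"
        # One password protects every private key, so keep the file owner-only.
        [ -z "$(find "$pass" \( -perm -040 -o -perm -004 \) -print)" ] ||
            note "key_pass.txt is readable by group or others"
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a constructed layout: a start directory with no sibling ca/ directory.
tmp=$(mktemp -d)
mkdir -p "$tmp/release/linux64"
pki_preflight "$tmp/release/linux64" || true
rm -rf "$tmp"
```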