cst(code signing tool) binary issue

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

cst(code signing tool) binary issue

865件の閲覧回数
rakesh3
Contributor V

Hi team,

 

I am using the imx8qxp-mek board and implementing the secure-boot.

So, I am following this doc for signing the uboot 

https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.t...

I am using the debian yocto environment for build package.

I have to use the cst binary to sign the uboot-atf file. which I am using in the uboot debian/rules file.

Below is my code snippet for signing the uboot-atf

ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
endif

override_dh_auto_build:

$(MAKE) $(PARALLEL_BUILD) -C tools/imx/ SOC=${IMX8_SOC} REV=C0 u-boot-atf-container.img
@echo "--- Copy uboot-atf ---"
set -x
cp tools/imx/${IMX8_SOC_DIR}/u-boot-atf-container.img release/linux64/
@echo "--- Sign the uboot-atf ---"
cd release/linux64/ && \
echo "---- Current directory: $$(pwd) ---" && \
ls -l && \
bash ./bin/cst -i csf_uboot_atf.txt -o signed-u-boot-atf-container.img

 

But while doing this I am getting the error saying below.

./bin/cst: ./bin/cst: cannot execute binary file

Could you please give some suggestion on this issue, I am unable to run the cst binary !

Is this because cst is not supported on ARM64 or platform issue? 

How to acheive this uboot-atf signing and then using this further for imx-mkimage flash_spl build.

Your input on this would really be helpful.

 

Regards,

Rk

0 件の賞賛
返信
2 返答(返信)

809件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

No support for ARM platform as I know so far. 

As you see these platform supported.  linux32 mingw32 linux64 osx

 

Best regards

Harvey

0 件の賞賛
返信

773件の閲覧回数
rakesh3
Contributor V

Hi @Harvey021 ,

 

while running the ahab_pki_tree.sh on imx8qxp board, I am getting below error.

release/linux64# ./ahab_pki_tree.sh

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for NXP's
Advanced High Assurance Boot. It generates a basic PKI tree. The
PKI tree consists of one or more Super Root Keys (SRK), with each
SRK having one subordinate keys:
+ a Signing key (SGK)
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: y
Enter length for elliptic curve to be used for PKI tree:
Possible values p256, p384, p521: p384
Enter the digest algorithm to use: sha384
Enter PKI tree duration (years): 5
Do you want the SRK certificates to have the CA flag set? (y/n)?: y

+++++++++++++++++++++++++++++++++++++
+ Generating CA key and certificate +
+++++++++++++++++++++++++++++++++++++

Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(../ca/openssl.cnf, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
Can't open "temp_ca.pem" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(temp_ca.pem, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
Can't open "temp_ca.pem" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(temp_ca.pem, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
rm: cannot remove 'temp_ca.pem': No such file or directory

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

read EC key
writing EC key
Using configuration from ../ca/openssl.cnf
Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(../ca/openssl.cnf, r)
2030030355000000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:

++++++++++++++++++++++++++++++++++++++++
+ Generating SGK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

read EC key
writing EC key
Using configuration from ../ca/openssl.cnf
Can't open "../ca/openssl.cnf" for reading, No such file or directory
2030030355000000:error:80000002:system library:BIO_new_file:No such file or director

 

Am i missing any thing here. 

Could you please suggest on this.

Regards,

Rk

0 件の賞賛
返信