i.MX8MN CST Syntax Error

Eric5 · ‎03-22-2022

Hi,

I've been following along with your MX8M Secure Boot Doc for Release 5.4.70, as well as your HABv4 guide. I have also been using the latest version of NXP's CST tool. However, I seem to be getting a syntax error when ever I try signing my FIT image.

Here are the steps on my end to reproduce the issue:

$ cd cst
$ ./hab4_pki_tree.sh
  Do you want to use an existing CA key (y/n)?: n
  Do you want to use Elliptic Curve Cryptography (y/n)?: n
  Enter key length in bits for PKI tree: 2048
  Enter PKI tree duration (years): 5
  How many Super Root Keys should be generated? 4
  Do you want the SRK certificates to have the CA flag set? (y/n)?: y

$ cd ../crts
$ ../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e \
	SRK_1_2_3_4_fuse.bin -d sha256 -c \
	SRK1_sha256_2048_65537_v3_ca_crt.pem,\
	SRK2_sha256_2048_65537_v3_ca_crt.pem,\
	SRK3_sha256_2048_65537_v3_ca_crt.pem,\
	SRK4_sha256_2048_65537_v3_ca_crt.pem

$ cd ../linux64/bin
$ ./cst -i csf_spl.txt -o csf_spl.bin
error: line 1: syntax error
Undefined error

Here is the contents of my csf_spl.txt file:

$ cat csf_spl.txt
Blocks = 0x911fc0 0x0 0x22800 "/home/eric/imx-mkimage/iMX8M/flash.bin"

The syntax of this file seem to match your documentation 1-1, except for the flash.bin path. However, I've also tried copying the flash.bin file over to the same directory as the CST binary and replacing the full path within csf_spl.txt with just "flash.bin" to match your documentation. I've also had no success with that solution.

Thanks!

Zhiming_Liu · ‎03-22-2022

csf_spl should like this:

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    # Leave Job Ring and DECO master ID registers Unlocked
    Engine = CAAM
    Features = MID

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
    
[Authenticate Data]
    Verification index = 2
    Blocks = 0x91ffc0 0x0 0x30600 "imx-boot-imx8mp-lpddr4-evk-sd.bin-flash_evk"

View solution in original post

Zhiming_Liu · ‎03-22-2022

csf_spl should like this:

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    # Leave Job Ring and DECO master ID registers Unlocked
    Engine = CAAM
    Features = MID

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
    
[Authenticate Data]
    Verification index = 2
    Blocks = 0x91ffc0 0x0 0x30600 "imx-boot-imx8mp-lpddr4-evk-sd.bin-flash_evk"

i.MX8MN CST Syntax Error

i.MX8MN CST Syntax Error

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Linux

Security