Hi,
I've been following along with your MX8M Secure Boot Doc for Release 5.4.70, as well as your HABv4 guide. I have also been using the latest version of NXP's CST tool. However, I seem to be getting a syntax error when ever I try signing my FIT image.
Here are the steps on my end to reproduce the issue:
$ cd cst
$ ./hab4_pki_tree.sh
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 2048
Enter PKI tree duration (years): 5
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y
$ cd ../crts
$ ../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e \
SRK_1_2_3_4_fuse.bin -d sha256 -c \
SRK1_sha256_2048_65537_v3_ca_crt.pem,\
SRK2_sha256_2048_65537_v3_ca_crt.pem,\
SRK3_sha256_2048_65537_v3_ca_crt.pem,\
SRK4_sha256_2048_65537_v3_ca_crt.pem
$ cd ../linux64/bin
$ ./cst -i csf_spl.txt -o csf_spl.bin
error: line 1: syntax error
Undefined error
Here is the contents of my csf_spl.txt file:
$ cat csf_spl.txt
Blocks = 0x911fc0 0x0 0x22800 "/home/eric/imx-mkimage/iMX8M/flash.bin"
The syntax of this file seem to match your documentation 1-1, except for the flash.bin path. However, I've also tried copying the flash.bin file over to the same directory as the CST binary and replacing the full path within csf_spl.txt with just "flash.bin" to match your documentation. I've also had no success with that solution.
Thanks!
Solved! Go to Solution.
csf_spl should like this:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
Blocks = 0x91ffc0 0x0 0x30600 "imx-boot-imx8mp-lpddr4-evk-sd.bin-flash_evk"
csf_spl should like this:
[Header]
Version = 4.3
Hash Algorithm = sha256
Engine = CAAM
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
# Index of the key location in the SRK table to be installed
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
[Install CSFK]
# Key used to authenticate the CSF data
File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Unlock]
# Leave Job Ring and DECO master ID registers Unlocked
Engine = CAAM
Features = MID
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
[Authenticate Data]
Verification index = 2
Blocks = 0x91ffc0 0x0 0x30600 "imx-boot-imx8mp-lpddr4-evk-sd.bin-flash_evk"