AnsweredAssumed Answered

[imx6] Cannot open key file when CST tool generate csf data.

Question asked by Chih-Sheng Chang on Apr 14, 2015
Latest reply on Apr 17, 2015 by Chih-Sheng Chang

I use CST tools 2.2 to generate HAB key and certificate. The following is my procedures.


cd keys
creat serial and key_pass.txt.
./  (n,2048,10,4,y)


cd ../crts
../linux/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c SRK1_sha256_2048_65537_v3_ca_crt.pem,SRK2_sha256_2048_65537_v3_ca_crt.pem,SRK3_sha256_2048_65537_v3_ca_crt.pem,SRK4_sha256_2048_65537_v3_ca_crt.pem


cd ../u-boot
objcopy -I binary -O binary --pad-to 0x6B000 --gap-fill=0x5A u-boot.bin u-boot-pad.bin
../linux/cst --o u-boot_csf.bin < u-boot.csf


When I generate csf data, cst tool return an error message as below.
Error: Cannot open key file ../keys/CSF1_1_sha256_2048_65537_v3_usr_key.pem
4149528200:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:467:
4149528200:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:97:
4149528200:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:123:
4149528200:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:


Any suggestions on error message ?

My u-boot.csf,
    Version = 4.1
    Security Configuration = Open
    Hash Algorithm = sha256
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
    Verification index = 0
    Target index = 2
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

# Sign padded u-boot starting at the IVT through to the end with
# length = 0x6AC00
# This covers the essential parts: IVT, boot data and DCD.
# Blocks have the following definition:
#    Image block start address on i.MX, Offset from start of image file,
#    Length of block in bytes, image data file
[Authenticate Data]
    Verification index = 2
    Blocks = 0x27800400 0x400 0x6AC00 "u-boot-pad.bin"