AnsweredAssumed Answered

How do use the Code Signing Tool (CST) on an encrypted blob?

Question asked by Keith Artel on Mar 31, 2017
Latest reply on Apr 3, 2017 by ufedor

I'm working with the P4080 processor.  I'm looking at the Freescale Linux SDK v1.7 For QorIQ Processors document, and in the ESBC Phase / Chain of Trust with Confidentiality section, it talks about encapsulation and decapsulation of images.  However, what I would like to do is encapsulate an image and then create a CSF Header for that encapsulated blob.  However, the Code Signing Tool (CST) runs on a Linux box and this encapsulation and decapsulation happens in U-Boot. 

 

Is there a way for me to create a CSF Header for this encrypted blob that I create in U-Boot?  Or is the best that I can do is what was done in the Product Execution / Chain of Trust with Confidentiality section where it creates CSF headers for the ESBC U-Boot Image and boot scripts but not for the images itself.

Outcomes