I'm working with the P4080 processor. I'm looking at the Freescale Linux SDK v1.7 For QorIQ Processors document, and in the ESBC Phase / Chain of Trust with Confidentiality section, it talks about encapsulation and decapsulation of images. However, what I would like to do is encapsulate an image and then create a CSF Header for that encapsulated blob. However, the Code Signing Tool (CST) runs on a Linux box and this encapsulation and decapsulation happens in U-Boot.
Is there a way for me to create a CSF Header for this encrypted blob that I create in U-Boot? Or is the best that I can do is what was done in the Product Execution / Chain of Trust with Confidentiality section where it creates CSF headers for the ESBC U-Boot Image and boot scripts but not for the images itself.