We have a DART-MX8M Evaluation kit and are trying to use HAB for setting up a secure boot chain.
We build our software through yocto (rocko) and for producing a functional bootloader image we use the imx-boot recipe. The image produced by imx-boot seems to be a compounded image consisting of SPL+U-boot+ddr4-config+other stuff.
When building for i.MX6 we could use CST (+some Variscite provided scripts) to sign each bootloader image (SPL and U-boot) separately, but now we are not sure.
How are you supposed to sign SPL and U-boot image when they are compounded into one image like this?