I am attempting to use the Linux 64-bit version of CST 3.1.0 to encrypt various images for boot. I am able to successfully encrypt an SPL and U-Boot image and can boot from both on an i.MX6 with no issues. However when I attempt to encrypt my Kernel Image the CST fails with a segmentation fault. After a little bit of trial and error, it would appear that the CST will happily encrypt an image up to about 0x7FD000 (8,376,620) bytes. I found the precise number to be 0x7FDCB0 (8,379,568) bytes, however according to Appendix G.1 of Application Note 4581 a kernel image must be padded to the nearest 0x1000 boundary; 0x7FD000 is the closest boundary that will still work.
I am using the FIT Image format which in my case contains a zImage, a Device Tree Binary, and an initramfs, so my image is inherently big. However, I can verify that a zImage padded to be 0x7FD000 bytes can be encrypted successfully, but a zImage padded to 0x7FE000 will segfault.
Is this a known issue for the CST or is this a hard limit of the HAB module? If it's an issue with the CST, is there any plan to fix this issue in a future release?