Verifying Code Signing Tool (CST) Output on i.MX6SX

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Verifying Code Signing Tool (CST) Output on i.MX6SX

1,162 Views
shauntomaszewsk
Contributor I

Hello,

We are in the process of integrating an HSM with NXP's Code Signing Tool (CST).  We replaced the libbackend.a with calls for our HSM. 

We were able to get the CST to sign successfully using our HSM. 

Is there a way to verify the output of the CST executable?  We did not see one.  Ideally we would be able to verify our image without having to load it on an i.MX6SX processor every time.  We would like to automate the signing/verifying process and manually having to load it on the i.MX6SX processor would slow that down.

Tags (1)
2 Replies

917 Views
lwn
Contributor II

Hello,

u-boot/mkimage recently too gained such capabilities: Add support for signing with pkcs11 -> http://git.denx.de/?p=u-boot.git;a=commit;h=f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea

What kind of interface/protocol did you use to connect to your HSM from CST? pkcs11?

Thanks!

0 Kudos

917 Views
Yuri
NXP Employee
NXP Employee

Hello,

  We do not have tools to test the CST outputs - the using i.MX6SX target for checking

is the best way.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos