On 5/16/24 11:40 PM, Tim Harvey wrote:
[...]
-The entire script is available in doc/imx/habv4/csf_examples/mx8m/csf.sh
-and can be used as follows to modify flash.bin to be signed
-(adjust paths as needed):
-```
-export CST_DIR=/usr/src/cst-3.3.1/
-export CSF_KEY=$CST_DIR/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem
-export IMG_KEY=$CST_DIR/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem
-export SRK_TABLE=$CST_DIR/crts/SRK_1_2_3_4_table.bin
-export PATH=$CST_DIR/linux64/bin:$PATH
Hi Marek,

I thought you were going to leave the above env setting examples in
the documentation.

I suggest showing how to specify using env (by just leaving the above
in) as well as by copying them directly to the build directory if
wanted. Otherwise the documentation is lacking.

If the tool can do env vars now, I would like to avoid copying key
material around. So what about this:

diff --git a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt
b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt
index 1eb1fb0aa61..257ffb45656 100644
--- a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt
+++ b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt
@@ -144,6 +144,8 @@ The signing is activated by wrapping SPL and
fitImage sections into nxp-imx8mcst
etype, which is done automatically in
arch/arm/dts/imx8m{m,n,p,q}-u-boot.dtsi
in case CONFIG_IMX_HAB Kconfig symbol is enabled.
+Build of flash.bin target then produces a signed flash.bin automatically.
+
The nxp-imx8mcst etype is configurable using either DT properties or
environment
variables. The following DT properties and environment variables are
supported.
Note that environment variables override DT properties.
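Review bot: The sentence "Build of flash.bin target then produces a signed flash.bin automatically." now sits ahead of the paragraph and table that explain how the nxp-imx8mcst etype locates its key material, so it reads as if signing needs no key configuration at all. Consider keeping it after the table, next to the environment variable example, or tying it to the configuration explicitly, for example "Once the DT properties or environment variables below are set, building the flash.bin target produces a signed flash.bin automatically."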
@@ -160,7 +162,15 @@ Note that environment variables override DT properties.
| nxp,img-crt | IMG_KEY | full path to the IMG Key
IMG1_1_sha256_4096_65537_v3_usr_crt.pem |
+--------------------+-----------+------------------------------------------------------------------+
-Build of flash.bin target then produces a signed flash.bin automatically.
+Environment variables can be set as follows to point the build process
+to external key material:
+```
+export CST_DIR=/usr/src/cst-3.3.1/
+export CSF_KEY=$CST_DIR/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem
+export IMG_KEY=$CST_DIR/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem
+export SRK_TABLE=$CST_DIR/crts/SRK_1_2_3_4_table.bin
+make flash.bin
+```
1.4 Closing the device
-----------------------
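Review bot: The re-added example drops the `export PATH=$CST_DIR/linux64/bin:$PATH` line that the removed csf.sh instructions had, while still exporting CST_DIR. If the build still runs the cst tool from PATH, a reader following this block verbatim will not get a signed flash.bin, so the line should come back; if the tool is found another way, say so here and make CST_DIR a plain shell variable, since the visible table rows list only the key and table variables. It would also help to state in the lead-in sentence that the paths are examples to adjust, as the removed text did with "(adjust paths as needed)".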