On 2/13/26 9:20 PM, Simon Glass wrote: Hello Simon,
diff --git a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt index 1bea091344d..a3ebd397d82 100644 --- a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt +++ b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt @@ -167,17 +167,25 @@ The nxp-imx8mcst etype is configurable using either DT properties or environment variables. The following DT properties and environment variables are supported. Note that environment variables override DT properties. -+--------------------+-----------+------------------------------------------------------------------+ -| DT property | Variable | Description | -+====================+===========+==================================================================+ -| nxp,loader-address | | SPL base address | -+--------------------+-----------+------------------------------------------------------------------+ -| nxp,srk-table | SRK_TABLE | full path to SRK_1_2_3_4_table.bin | -+--------------------+-----------+------------------------------------------------------------------+ -| nxp,csf-crt | CSF_KEY | full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem | -+--------------------+-----------+------------------------------------------------------------------+ -| nxp,img-crt | IMG_KEY | full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem | -+--------------------+-----------+------------------------------------------------------------------+ ++--------------------+-------------+------------------------------------------------------------------+ +| DT property | Variable | Description | ++====================+=============+==================================================================+ +| nxp,loader-address | | SPL base address | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,srk-table | SRK_TABLE | full path to SRK_1_2_3_4_table.bin | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,csf-crt | CSF_KEY | full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,img-crt | IMG_KEY | full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,fast-auth | | enable fast authentication method | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,srk-crt | SRK_KEY | full path to the SRK Key SRK1_sha256_4096_65537_v3_ca_crt.pem | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,unlock | | unlock CAAM in SPL | ++--------------------+-------------+------------------------------------------------------------------+ +| nxp,cst-backend | CST_BACKEND | CST tool backend, default is 'ssl', or selectable 'pkcs11' | ++--------------------+-------------+------------------------------------------------------------------+Perhaps point to an example?
Example of what ? Two lines below, there is an example of using those env vars, see the entire file.
Why is there this entries.rst then ? Should the entries be removed from here and moved into the py file or what is this inconsistency ?Environment variables can be set as follows to point the build process to external key material: diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 8922d6cd070..29bc778d0e5 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1664,6 +1664,13 @@ Entry: nxp-imx8mcst: NXP i.MX8M CST .cfg file generator and cst invoker Properties / Entry arguments: - nxp,loader-address - loader address (SPL text base) + - nxp,srk-table - full path to SRK_1_2_3_4_table.bin + - nxp,csf-crt - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem + - nxp,img-crt - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem + - nxp,fast-auth - enable fast authentication method + - nxp,srk-crt - full path to the SRK Key SRK1_sha256_4096_65537_v3_ca_crt.pem + - nxp,unlock - unlock CAAM in SPL + - nxp,cst-backend - CST tool backend, default is 'ssl', or selectable 'pkcs11'The way it works is you add this as a comment in nxp_imx8mcst.py and then run 'binman entry-docs' to generate entries.rst - see here: https://docs.u-boot.org/en/latest/develop/package/binman.html#entry-documentation
