mirror of
https://github.com/u-boot/u-boot.git
synced 2025-04-21 20:34:38 +00:00
bc6beae7c5
Add new binman etype which allows signing both the SPL and fitImage sections of i.MX8M flash.bin using CST. There are multiple DT properties which govern the signing process, nxp,loader-address is the only mandatory one which sets the SPL signature start address without the imx8mimage header, this should be SPL text base. The key material can be configured using optional DT properties nxp,srk-table, nxp,csf-crt, nxp,img-crt, all of which default the key material names generated by CST tool scripts. The nxp,unlock property can be used to unlock CAAM access in SPL section. Reviewed-by: Tim Harvey <tharvey@gateworks.com> Signed-off-by: Marek Vasut <marex@denx.de>
48 lines
1.2 KiB
Python
48 lines
1.2 KiB
Python
# SPDX-License-Identifier: GPL-2.0+
|
|
# Copyright 2024 Marek Vasut <marex@denx.de>
|
|
#
|
|
"""Bintool implementation for cst"""
|
|
|
|
import re
|
|
|
|
from binman import bintool
|
|
|
|
class Bintoolcst(bintool.Bintool):
|
|
"""Image generation for U-Boot
|
|
|
|
This bintool supports running `cst` with some basic parameters as
|
|
needed by binman.
|
|
"""
|
|
def __init__(self, name):
|
|
super().__init__(name, 'Sign NXP i.MX image')
|
|
|
|
# pylint: disable=R0913
|
|
def run(self, output_fname=None):
|
|
"""Run cst
|
|
|
|
Args:
|
|
output_fname: Output filename to write to
|
|
"""
|
|
args = []
|
|
if output_fname:
|
|
args += ['-o', output_fname]
|
|
return self.run_cmd(*args)
|
|
|
|
def fetch(self, method):
|
|
"""Fetch handler for cst
|
|
|
|
This installs cst using the apt utility.
|
|
|
|
Args:
|
|
method (FETCH_...): Method to use
|
|
|
|
Returns:
|
|
True if the file was fetched and now installed, None if a method
|
|
other than FETCH_BIN was requested
|
|
|
|
Raises:
|
|
Valuerror: Fetching could not be completed
|
|
"""
|
|
if method != bintool.FETCH_BIN:
|
|
return None
|
|
return self.apt_install('imx-code-signing-tool')
|