[PATCH v4] binman: add CST backend selection for i.MX8M signing
Simon Glass
sjg at chromium.org
Thu May 7 17:31:23 CEST 2026
Hi Marek,
On 2026-05-04T19:04:59, Marek Vasut <marex at nabladev.com> wrote:
> binman: add CST backend selection for i.MX8M signing
>
> Add support for setting the CST backend, both via DT property and
> CST_BACKEND environment variable. The CST currently supports two
> backends, 'ssl' and 'pkcs11', with 'ssl' being the default when
> CST tool is invoked without any -b parameter. Keep 'ssl' backend
> as the default, but explicitly pass it via the '-b' parameter,
> unless the user selects 'pkcs11' via either method.
>
> Signed-off-by: Marek Vasut <marex at nabladev.com>
>
> doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 30 +++++++++++++++++----------
> tools/binman/etype/nxp_imx8mcst.py | 19 ++++++++++++++++-
> 2 files changed, 37 insertions(+), 12 deletions(-)
> diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py
> @@ -90,6 +97,10 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
> + self.backend = os.getenv(
> + 'CST_BACKEND', fdt_util.GetString(self._node, 'nxp,cst-backend',
> + 'ssl'))
> +
Please add a binman test covering this new feature - see
testNxpImx8mCSTFastAuth in ftest.py and the vendor/nxp_imx8_csf*.dts
fixtures. The missing coverage line for me is 177 (cst_backend =
"pkcs11" )
Are you able to run 'binman test -T' ?
PLMK if you need help.
Regards,
Simon
More information about the U-Boot
mailing list