[PATCH v4] binman: add CST backend selection for i.MX8M signing
Tom Rini
trini at konsulko.com
Mon May 25 16:12:22 CEST 2026
On Sun, May 24, 2026 at 06:20:48PM +0200, Marek Vasut wrote:
> On 5/7/26 5:31 PM, Simon Glass wrote:
> > Hi Marek,
> >
> > On 2026-05-04T19:04:59, Marek Vasut <marex at nabladev.com> wrote:
> > > binman: add CST backend selection for i.MX8M signing
> > >
> > > Add support for setting the CST backend, both via DT property and
> > > CST_BACKEND environment variable. The CST currently supports two
> > > backends, 'ssl' and 'pkcs11', with 'ssl' being the default when
> > > CST tool is invoked without any -b parameter. Keep 'ssl' backend
> > > as the default, but explicitly pass it via the '-b' parameter,
> > > unless the user selects 'pkcs11' via either method.
> > >
> > > Signed-off-by: Marek Vasut <marex at nabladev.com>
> > >
> > > doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 30 +++++++++++++++++----------
> > > tools/binman/etype/nxp_imx8mcst.py | 19 ++++++++++++++++-
> > > 2 files changed, 37 insertions(+), 12 deletions(-)
> >
> > > diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py
> > > @@ -90,6 +97,10 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
> > > + self.backend = os.getenv(
> > > + 'CST_BACKEND', fdt_util.GetString(self._node, 'nxp,cst-backend',
> > > + 'ssl'))
> > > +
> >
> > Please add a binman test covering this new feature - see
> > testNxpImx8mCSTFastAuth in ftest.py and the vendor/nxp_imx8_csf*.dts
> > fixtures. The missing coverage line for me is 177 (cst_backend =
> > "pkcs11" )
>
> The pkcs11 option requires a HSM, how do you propose to test that ?
We have softhsm already in the CI container and
tools/binman/btool/softhsm2_util.py and tools/binman/ftest.py has an
example that might be useful.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260525/d1e81255/attachment.sig>
More information about the U-Boot
mailing list