Hi Brian,
On Mon, 21 Oct 2024 at 09:38, Brian Ruley brian.ruley@gehealthcare.com wrote:
Add coverage for IMX8M code siging. Create PKI tree and other assets required by `cst' using `hab4_pki_tree.sh' script and `srktool' in `cst_3.4.1' [1].
[1] https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW
Signed-off-by: Brian Ruley brian.ruley@gehealthcare.com
Changes for v2:
- Added missing *.pem files
- Rebased on top of "[PATCH v4 2/2] binman: add fast authentication method for i.MX8M signing"
- Included a test for fast authentication
Changes for v3:
- Fixed relative path for SRK table and *.pem files in 341_nxp_imx8mcst.dts
tools/binman/ftest.py | 11 ++ tools/binman/test/340_nxp_imx8mcst.dts | 58 +++++++++ .../test/341_nxp_imx8mcst_fast_auth.dts | 18 +++ .../CSF1_1_sha256_4096_65537_v3_usr_crt.pem | 121 ++++++++++++++++++ .../IMG1_1_sha256_4096_65537_v3_usr_crt.pem | 121 ++++++++++++++++++ .../SRK1_sha256_4096_65537_v3_usr_crt.pem | 121 ++++++++++++++++++ tools/binman/test/cst/crts/SRK_table.bin | Bin 0 -> 531 bytes .../test/cst/crts/SRK_table_fast_auth.bin | Bin 0 -> 531 bytes .../CSF1_1_sha256_4096_65537_v3_usr_key.pem | 54 ++++++++ .../IMG1_1_sha256_4096_65537_v3_usr_key.pem | 54 ++++++++ .../SRK1_sha256_4096_65537_v3_usr_key.pem | 54 ++++++++ tools/binman/test/cst/keys/key_pass.txt | 2 + 12 files changed, 614 insertions(+) create mode 100644 tools/binman/test/340_nxp_imx8mcst.dts create mode 100644 tools/binman/test/341_nxp_imx8mcst_fast_auth.dts create mode 100644 tools/binman/test/cst/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem create mode 100644 tools/binman/test/cst/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem create mode 100644 tools/binman/test/cst/crts/SRK1_sha256_4096_65537_v3_usr_crt.pem create mode 100644 tools/binman/test/cst/crts/SRK_table.bin create mode 100644 tools/binman/test/cst/crts/SRK_table_fast_auth.bin create mode 100644 tools/binman/test/cst/keys/CSF1_1_sha256_4096_65537_v3_usr_key.pem create mode 100644 tools/binman/test/cst/keys/IMG1_1_sha256_4096_65537_v3_usr_key.pem create mode 100644 tools/binman/test/cst/keys/SRK1_sha256_4096_65537_v3_usr_key.pem create mode 100644 tools/binman/test/cst/keys/key_pass.txt
I am still seeing some sort of problem here:
====================================================================== ERROR: testNxpImx8mCst (binman.ftest.TestFunctional.testNxpImx8mCst) Test that binman can sign an iMX8M image ---------------------------------------------------------------------- ValueError: Filename 'cst/crts/SRK_table.bin' not found in input path (/tmp/binmant.tryjm0q0) (cwd='/home/sglass/files.local/u-boot')
====================================================================== ERROR: testNxpImx8mCstFastAuth (binman.ftest.TestFunctional.testNxpImx8mCstFastAuth) Test that binman can sign an iMX8M image using fast authentication ---------------------------------------------------------------------- ValueError: Filename 'cst/crts/SRK_table_fast_auth.bin' not found in input path (/tmp/binmant.tryjm0q0) (cwd='/home/sglass/files.local/u-boot')
but it could be because I had trouble applying it:
git am ~/Downloads/v3-1-2-binman-nxp_imx8mcst-read-certificates-from-input-path.patch Applying: binman: nxp_imx8mcst: read certificates from input path Applying: binman: expand test coverage to nxp_imx8mcst .git/rebase-apply/patch:210: trailing whitespace. X509v3 Basic Constraints: .git/rebase-apply/patch:212: trailing whitespace. Netscape Comment: .git/rebase-apply/patch:214: trailing whitespace. X509v3 Subject Key Identifier: .git/rebase-apply/patch:216: trailing whitespace. X509v3 Authority Key Identifier: .git/rebase-apply/patch:337: trailing whitespace. X509v3 Basic Constraints: error: patch failed: tools/binman/ftest.py:7804 error: tools/binman/ftest.py: patch does not apply Patch failed at 0002 binman: expand test coverage to nxp_imx8mcst hint: Use 'git am --show-current-patch=diff' to see the failed patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". sglass@okaro:~/u$ pm patching file tools/binman/ftest.py Hunk #2 merged at 7906-7912. patching file tools/binman/test/340_nxp_imx8mcst.dts patching file tools/binman/test/341_nxp_imx8mcst_fast_auth.dts patching file tools/binman/test/cst/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem patching file tools/binman/test/cst/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem patching file tools/binman/test/cst/crts/SRK1_sha256_4096_65537_v3_usr_crt.pem File tools/binman/test/cst/crts/SRK_table.bin: git binary diffs are not supported. File tools/binman/test/cst/crts/SRK_table_fast_auth.bin: git binary diffs are not supported. patching file tools/binman/test/cst/keys/CSF1_1_sha256_4096_65537_v3_usr_key.pem patching file tools/binman/test/cst/keys/IMG1_1_sha256_4096_65537_v3_usr_key.pem patching file tools/binman/test/cst/keys/SRK1_sha256_4096_65537_v3_usr_key.pem patching file tools/binman/test/cst/keys/key_pass.txt
Could you please rebase on -master and resend?
Regards, Simon