1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
=pod
=head1 NAME
cst - Code Signing Tool for generating binary CSF files for NXP secure boot
=head1 SYNOPSIS
B<cst> B<--output> I<file> B<--input> I<file>
[B<--cert> I<cert.pem>] [B<--backend> I<ssl|pkcs11>]
[B<--verbose>]
B<cst> B<--license>|B<--version>|B<--help>
=head1 DESCRIPTION
B<cst> (Code Signing Tool) is used to generate a binary Command Sequence File (CSF) required by the HAB or AHAB secure boot mechanisms on NXP i.MX processors. The CSF contains the authentication commands and signature data used to verify signed boot images during the secure boot process.
The tool processes a plain-text CSF description file and produces a binary CSF that can be appended to or embedded in a boot image. Optionally, a certificate can be provided to encrypt the Data Encryption Key (DEK).
=head1 OPTIONS
=over 4
=item B<-o>, B<--output> I<file>
The output binary CSF file to generate.
=item B<-i>, B<--input> I<file>
The input CSF description text file.
=item B<-c>, B<--cert> I<cert.pem>
Public key certificate to encrypt the DEK (optional).
=item B<-b>, B<--backend> I<ssl|pkcs11>
Optional. Backend for key handling. Default is 'ssl' (local filesystem).
'pkcs11' uses a PKCS#11-compatible keystore.
=item B<-g>, B<--verbose>
Enable verbose output.
=item B<-l>, B<--license>
Print license information and exit.
=item B<-v>, B<--version>
Print the tool version and exit.
=item B<-h>, B<--help>
Display a brief help message.
=back
=head1 EXAMPLES
=over 4
=item Generate binary CSF from a text CSF file:
cst -o out_csf.bin -i hab4.csf
=item Encrypt DEK with a certificate:
cst -o out_csf.bin -c cert.pem -i hab4.csf
=back
=head1 SEE ALSO
L<srktool(1)>, L<csf_parser(1)>
=cut
|
