@@ -70,23 +70,26 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
def __init__(self, section, etype, node):
super().__init__(section, etype, node)
self.required_props = ['nxp,loader-address']
+ self._cst_key_path = os.getenv('CST_KEY_PATH', None)
+ if self._cst_key_path:
+ tools.set_input_dirs([self._cst_key_path] + tools.indir)
def ReadNode(self):
super().ReadNode()
self.loader_address = fdt_util.GetInt(self._node, 'nxp,loader-address')
- self.srk_table = os.getenv(
+ self._srk_table = os.getenv(
'SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table',
'SRK_1_2_3_4_table.bin'))
self.fast_auth = fdt_util.GetBool(self._node, 'nxp,fast-auth')
if not self.fast_auth:
- self.csf_crt = os.getenv(
+ self._csf_crt = os.getenv(
'CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt',
f'CSF1_1_{KEY_NAME}.pem'))
- self.img_crt = os.getenv(
+ self._img_crt = os.getenv(
'IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt',
f'IMG1_1_{KEY_NAME}.pem'))
else:
- self.srk_crt = os.getenv(
+ self._srk_crt = os.getenv(
'SRK_KEY', fdt_util.GetString(self._node, 'nxp,srk-crt',
f'SRK1_{KEY_NAME}.pem'))
@@ -142,15 +145,19 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
config.optionxform = str
# Load configuration template and modify keys of interest
config.read_string(CSF_CONFIG_TEMPLATE)
- config['Install SRK']['File'] = f'"{self.srk_table}"'
+ srk_table = tools.get_input_filename(self._srk_table)
+ config['Install SRK']['File'] = f'"{srk_table}"'
if not self.fast_auth:
+ csf_crt = tools.get_input_filename(self._csf_crt)
+ img_crt = tools.get_input_filename(self._img_crt)
config.remove_section('Install NOCAK')
- config['Install CSFK']['File'] = f'"{self.csf_crt}"'
- config['Install Key']['File'] = f'"{self.img_crt}"'
+ config['Install CSFK']['File'] = f'"{csf_crt}"'
+ config['Install Key']['File'] = f'"{img_crt}"'
else:
+ srk_crt = tools.get_input_filename(self._srk_crt)
config.remove_section('Install CSFK')
config.remove_section('Install Key')
- config['Install NOCAK']['File'] = f'"{self.srk_crt}"'
+ config['Install NOCAK']['File'] = f'"{srk_crt}"'
config['Authenticate Data']['Verification index'] = '0'
config['Authenticate Data']['Blocks'] = \
Right now, it is unclear where the certificates (and private keys) are read from if environment variables are unset, and providing complete paths in the device tree is not ideal. Naturally, it makes sense to be able to decide where binman should look for the files, regardless whether the keys are specified in the device tree or not. Therefore, expand the etype to look for the necessary files from the input path. Introduce a new variable to provide users the ability to specify a custom path. As a consequence of this change, the environment variables used to specify the keys, e.g., `IMG_KEY', will be searched *relative* to the input directories. Signed-off-by: Brian Ruley <brian.ruley@gehealthcare.com> --- Changes for v2: - Added missing *.pem files - Rebased on top of "[PATCH v4 2/2] binman: add fast authentication method for i.MX8M signing" - Included a test for fast authentication Changes for v3: - Fixed relative path for SRK table and *.pem files in 340_nxp_imx8mcst.dts Changes for v4: - Rebased on master tools/binman/etype/nxp_imx8mcst.py | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-)