| CST(1) | i.MX CST Documentation | CST(1) |
NAME¶
cst - Code Signing Tool for generating binary CSF files for NXP secure boot
SYNOPSIS¶
cst --output file --input file [--cert cert.pem] [--backend ssl|pkcs11] [--verbose]
cst --license|--version|--help
DESCRIPTION¶
cst (Code Signing Tool) is used to generate a binary Command Sequence File (CSF) required by the HAB or AHAB secure boot mechanisms on NXP i.MX processors. The CSF contains the authentication commands and signature data used to verify signed boot images during the secure boot process.
The tool processes a plain-text CSF description file and produces a binary CSF that can be appended to or embedded in a boot image. Optionally, a certificate can be provided to encrypt the Data Encryption Key (DEK).
OPTIONS¶
- -o, --output file
- The output binary CSF file to generate.
- -i, --input file
- The input CSF description text file.
- -c, --cert cert.pem
- Public key certificate to encrypt the DEK (optional).
- -b, --backend ssl|pkcs11
- Optional. Backend for key handling. Default is 'ssl' (local filesystem). 'pkcs11' uses a PKCS#11-compatible keystore.
- -g, --verbose
- Enable verbose output.
- -l, --license
- Print license information and exit.
- -v, --version
- Print the tool version and exit.
- -h, --help
- Display a brief help message.
EXAMPLES¶
- Generate binary CSF from a text CSF file:
-
cst -o out_csf.bin -i hab4.csf - Encrypt DEK with a certificate:
-
cst -o out_csf.bin -c cert.pem -i hab4.csf
SEE ALSO¶
| 2025-06-04 |