Add support for setting the CST backend, both via DT property and CST_BACKEND environment variable. The CST currently supports two backends, 'ssl' and 'pkcs11', with 'ssl' being the default when CST tool is invoked without any -b parameter. Keep 'ssl' backend as the default, but explicitly pass it via the '-b' parameter, unless the user selects 'pkcs11' via either method.
Signed-off-by: Marek Vasut <[email protected]> --- Cc: Alper Nebi Yasak <[email protected]> Cc: Simon Glass <[email protected]> Cc: Tom Rini <[email protected]> Cc: [email protected] --- tools/binman/etype/nxp_imx8mcst.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py index dd9f226b751..3a95da6a35d 100644 --- a/tools/binman/etype/nxp_imx8mcst.py +++ b/tools/binman/etype/nxp_imx8mcst.py @@ -90,6 +90,10 @@ class Entry_nxp_imx8mcst(Entry_mkimage): 'SRK_KEY', fdt_util.GetString(self._node, 'nxp,srk-crt', f'SRK1_{KEY_NAME}.pem')) + self.backend = os.getenv( + 'CST_BACKEND', fdt_util.GetString(self._node, 'nxp,cst-backend', + 'ssl')) + self.unlock = fdt_util.GetBool(self._node, 'nxp,unlock') self.ReadEntries() @@ -161,8 +165,14 @@ class Entry_nxp_imx8mcst(Entry_mkimage): with open(cfg_fname, 'w') as cfgf: config.write(cfgf) + # SSL is the default backend, PKCS11 backend is optional + if self.backend == "pkcs11": + cst_backend = "pkcs11" + else: + cst_backend = "ssl" + output_fname = tools.get_output_filename(f'nxp.csf-output-blob.{uniq}') - args = ['-i', cfg_fname, '-o', output_fname] + args = ['-i', cfg_fname, '-o', output_fname, '-b', cst_backend] if self.cst.run_cmd(*args) is not None: outdata = tools.read_file(output_fname) # fixme: 0x2000 should be CONFIG_CSF_SIZE -- 2.51.0
