On Sun, May 24, 2026 at 06:20:48PM +0200, Marek Vasut wrote: > On 5/7/26 5:31 PM, Simon Glass wrote: > > Hi Marek, > > > > On 2026-05-04T19:04:59, Marek Vasut <[email protected]> wrote: > > > binman: add CST backend selection for i.MX8M signing > > > > > > Add support for setting the CST backend, both via DT property and > > > CST_BACKEND environment variable. The CST currently supports two > > > backends, 'ssl' and 'pkcs11', with 'ssl' being the default when > > > CST tool is invoked without any -b parameter. Keep 'ssl' backend > > > as the default, but explicitly pass it via the '-b' parameter, > > > unless the user selects 'pkcs11' via either method. > > > > > > Signed-off-by: Marek Vasut <[email protected]> > > > > > > doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 30 > > > +++++++++++++++++---------- > > > tools/binman/etype/nxp_imx8mcst.py | 19 ++++++++++++++++- > > > 2 files changed, 37 insertions(+), 12 deletions(-) > > > > > diff --git a/tools/binman/etype/nxp_imx8mcst.py > > > b/tools/binman/etype/nxp_imx8mcst.py > > > @@ -90,6 +97,10 @@ class Entry_nxp_imx8mcst(Entry_mkimage): > > > + self.backend = os.getenv( > > > + 'CST_BACKEND', fdt_util.GetString(self._node, > > > 'nxp,cst-backend', > > > + 'ssl')) > > > + > > > > Please add a binman test covering this new feature - see > > testNxpImx8mCSTFastAuth in ftest.py and the vendor/nxp_imx8_csf*.dts > > fixtures. The missing coverage line for me is 177 (cst_backend = > > "pkcs11" ) > > The pkcs11 option requires a HSM, how do you propose to test that ?
We have softhsm already in the CI container and tools/binman/btool/softhsm2_util.py and tools/binman/ftest.py has an example that might be useful. -- Tom
signature.asc
Description: PGP signature
