Hi Simon, On Wed, Nov 20, 2024 at 05:40:42AM -0700, Simon Glass wrote: > > WARNING: This email originated from outside of GE HealthCare. Please validate > the sender's email address before clicking on links or attachments as they > may not be safe. > > Hi Brian, > > On Mon, 4 Nov 2024 at 01:33, Brian Ruley <brian.ru...@gehealthcare.com> wrote: > > > > On Wed, Oct 30, 2024 at 09:23:46AM -0300, Fabio Estevam wrote: > > > > > > WARNING: This email originated from outside of GE HealthCare. Please > > > validate the sender's email address before clicking on links or > > > attachments as they may not be safe. > > > > > > Hi Brian, > > > > > > On Wed, Oct 30, 2024 at 5:08???AM Brian Ruley > > > <brian.ru...@gehealthcare.com> wrote: > > > > > > > > Add coverage for IMX8M code siging. Create PKI tree and other assets > > > > required by `cst' using `hab4_pki_tree.sh' script and `srktool' in > > > > `cst_3.4.1' [1]. > > > > > > > > [1] https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW > > > > > > > > Signed-off-by: Brian Ruley <brian.ru...@gehealthcare.com> > > > > --- > > > > Changes for v4: > > > > - Rebased on master: > > > > 340_nxp_imx8mcst.dts -> 343_nxp_imx8mcst.dts > > > > 341_nxp_imx8mcst_fast_auth.dts -> 344_nxp_imx8mcst_fast_auth.dts > > > > > > Here is the result when I tried applying and testing this: > > > > > > $ git am > > > ~/Downloads/v4-1-2-binman-nxp_imx8mcst-read-certificates-from-input-path.patch > > > Applying: binman: nxp_imx8mcst: read certificates from input path > > > Applying: binman: expand test coverage to nxp_imx8mcst > > > .git/rebase-apply/patch:206: trailing whitespace. > > > X509v3 Basic Constraints: > > > .git/rebase-apply/patch:208: trailing whitespace. > > > Netscape Comment: > > > .git/rebase-apply/patch:210: trailing whitespace. > > > X509v3 Subject Key Identifier: > > > .git/rebase-apply/patch:212: trailing whitespace. > > > X509v3 Authority Key Identifier: > > > .git/rebase-apply/patch:333: trailing whitespace. > > > X509v3 Basic Constraints: > > > warning: squelched 7 whitespace errors > > > warning: 12 lines add whitespace errors. > > > > > > > > > $ ./tools/binman/binman test testNxpImx8mCstFastAuth > > > ======================== Running binman tests ======================== > > > E > > > ====================================================================== > > > ERROR: testNxpImx8mCstFastAuth (binman.ftest.TestFunctional) > > > Test that binman can sign an iMX8M image using fast authentication > > > ---------------------------------------------------------------------- > > > ValueError: Error -11 running 'cst -i > > > /tmp/binman.tf697xr9/nxp.csf-config-txt.nxp-imx8mcst -o > > > /tmp/binman.tf697xr9/nxp.csf-output-blob.nxp-imx8mcst': > > > > > > ---------------------------------------------------------------------- > > > Ran 1 test in 1.318s > > > > > > FAILED (errors=1) > > > > > > Any ideas? > > > > Hi Fabio, > > > > Strange, but I don't have a clue. I was able to find the bit of Python > > where things go wrong in my reply to Simon: > > > > > Odd, -11 means that is the resouce is temporarily unavailable, no? I > > > don't see how that could be caused by my changes. I managed to trace it > > > to line 367 in `tools/u_boot_pylib/tools.py`, which takes us to > > > the run_pipe() function in `tools/u_boot_pylib/commands.py`, where we > > > wait on a pipe: > > > > > > 108: result.return_code = last_pipe.wait() > > > > I also described the environment I was running: > > > > > I've compiled the NXP Code Signing tool myself from version 3.4.1 > > > and added that to path. The system I'm running on is: > > > > > > cat /etc/fedora-release && uname -msrv > > > Fedora release 40 (Forty) > > > Linux 6.10.12-200.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Sep 30 > > > 21:38:25 UTC 2024 x86_64 > > > > > > Also, prior to running any tests, I've built the `tools-only_defconfig`. > > > I admit that I find the test suites sightly confusing, so I might have > > > missed something. > > > > I can try to run it in different environment to see if I can reproduce > > the issue. > > I believe this is something wrong with the tool. This is on Ubuntu 22.04: > > $ binman test -X testNxpImx8mCst > ======================== Running binman tests ======================== > Preserving output dir: /tmp/binman.imy5s98_ > Preserving input dir: /tmp/binmant.izmi883v > E > ====================================================================== > ERROR: binman.ftest.TestFunctional.testNxpImx8mCst (subunit.RemotedTestCase) > binman.ftest.TestFunctional.testNxpImx8mCst > ---------------------------------------------------------------------- > testtools.testresult.real._StringException: Traceback (most recent call last): > ValueError: Error -11 running 'cst -i > /tmp/binman.imy5s98_/nxp.csf-config-txt.nxp-imx8mcst -o > /tmp/binman.imy5s98_/nxp.csf-output-blob.nxp-imx8mcst': > > > ---------------------------------------------------------------------- > Ran 1 test in 0.157s > > FAILED (errors=1) > > $ cst -i /tmp/binman.imy5s98_/nxp.csf-config-txt.nxp-imx8mcst -o > /tmp/binman.imy5s98_/nxp.csf-output-blob.nxp-imx8mcst > Install SRK > Install CSFK > Segmentation fault > > So the tool is segfaulting, for some reason.
Yes, I've noticed that too. I'd suggest compiling the tool yourself, you can get it from: https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW or: https://gitlab.apertis.org/pkg/imx-code-signing-tool/ or use the .deb package from Debian unstable: https://packages.debian.org/unstable/imx-code-signing-tool Pick your poison :) Best regards, Brian
