Hi, On Wed, 5 Feb 2025 at 03:20, Marek Vasut <ma...@denx.de> wrote: > > On 1/9/25 3:10 PM, Simon Glass wrote: > > Hi Marek, > > > > On Tue, 7 Jan 2025 at 04:24, Marek Vasut <ma...@denx.de> wrote: > >> > >> On 1/7/25 4:50 AM, Simon Glass wrote: > >>> Hi Marek, > >>> > >>> On Mon, 6 Jan 2025 at 13:51, Marek Vasut <ma...@denx.de> wrote: > >>>> > >>>> On 1/6/25 3:38 PM, Simon Glass wrote: > >>>> > >>>> [...] > >>>> > >>>>> I wonder if the cst needs to be updated (binman tool -f cst)? At > >>>>> present it is using apt-get and has: > >>>>> > >>>>> $ dpkg -l imx-code-signing-tool > >>>>> Desired=Unknown/Install/Remove/Purge/Hold > >>>>> | > >>>>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend > >>>>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) > >>>>> ||/ Name Version Architecture Description > >>>>> +++-=====================-===================-============-=================================== > >>>>> ii imx-code-signing-tool 3.3.1+dfsg-2ubuntu1 amd64 code > >>>>> signing tool for i.MX platform > >>>> Perhaps. Can you suggest a fix ? > >>>> > >>>> I am also unsure how to get the CST test to 100%. > >>>> > >>>> I still don't fully understand what exactly are these tests testing or > >>>> whether they are even valid. > >>> > >>> Well, if I could run the test and have it pass (like presumably you > >>> do) then I could suggest something. Could you point me to a cst binary > >>> which works for you and makes your tests pass? > >> CST 3.4.0 from debian/testing works with real hardware. > > > > Unfortunately after much messing around I cannot install this on my > > machine (jammy). I do plan to upgrade to Noble at some point. But we > > cannot rely on people having a particular distro to build U-Boot > > images. That is what 'binman tool' is supposed to fix. > > > > I got the package source and tried that. The build instructions use > > docker, which I have not mastered. The container needs curl but does > > not have it. > > > > I was able to build it from source code without docker. Is there a > > public source-code repo somewhere, so Binman could build it? > > > > Anyway, with this patch applied and the new cst: > > > > $ binman test testNxpImx8MCSTSPL > > ======================== Running binman tests ======================== > > E > > ====================================================================== > > ERROR: binman.ftest.TestFunctional.testNxpImx8MCSTSPL > > (subunit.RemotedTestCase) > > binman.ftest.TestFunctional.testNxpImx8MCSTSPL > > ---------------------------------------------------------------------- > > testtools.testresult.real._StringException: Traceback (most recent call > > last): > > ValueError: Error 1 running 'cst -i > > /tmp/binman.t45m9_fv/nxp.csf-config-txt.nxp-imx8mcst -o > > /tmp/binman.t45m9_fv/nxp.csf-output-blob.nxp-imx8mcst': File not > > present SRK_1_2_3_4_table.bin > > > > > > ---------------------------------------------------------------------- > > Ran 1 test in 0.151s > > > > FAILED (errors=1) > > > > So where is the SRK_1_2_3_4_table.bin file? > See the tool documentation: > > https://gitlab.apertis.org/pkg/imx-code-signing-tool/-/blob/debian/3.4.0+dfsg-2/docs/CST_UG.pdf?ref_type=tags > > 3.1.2 Running the hab4_pki_tree script Example > 3.1.2.1 Running the hab4_pki_tree script in interactive mode > > The hab4_pki_tree.sh script should generate all those files.
But with binman we want to avoid vendor scripts, etc. Could someone take a look at updating tools/binman/btool/cst.py or similar to build the tool from source? There are examples of others that do this, e.g. bootgen.py Regards, SImon
