Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 302e0212e8145c52ae41e0999ca03a6bc335e9f5^! / .
commit302e0212e8145c52ae41e0999ca03a6bc335e9f5[log] [tgz]
authorLeonard Anderweit <l.anderweit@phytec.de>Wed Feb 26 22:05:01 2025 +0100
committerTom Rini <trini@konsulko.com>Wed Mar 12 10:25:25 2025 -0600
tree0c962dc5a865773a017f549a1d068498dbbdef1e
parentb1eec55c97158b75aff5fe1a84d55b6f2ecdf77f [diff]
binman: cst: Build from source

Build the imx code singing tool from source instead of relying on the
distro to provide the tool.
Use the debian/unstable branch because the default branch is outdated.
The binary is supposed to be build with docker, work around that by selecting
the correct Makefile directly.
Also append the description and add a link to documentation.

Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/tools/binman/bintools.rst b/tools/binman/bintools.rst
index cd05ad8..9f6cab5 100644
--- a/tools/binman/bintools.rst
+++ b/tools/binman/bintools.rst

@@ -52,6 +52,14 @@
 This bintool supports running `cst` with some basic parameters as
 needed by binman.
 
+cst (imx code signing tool) is used for sigining bootloader binaries for
+various i.MX SoCs.
+
+See `Code Signing Tool Users Guide`_ for more information.
+
+.. _`Code Signing Tool Users Guide`:
+    https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
+
 
 
 Bintool: fdt_add_pubkey: Add public key to control dtb (spl or u-boot proper)

diff --git a/tools/binman/btool/cst.py b/tools/binman/btool/cst.py
index 30e78bd..8a3981a 100644
--- a/tools/binman/btool/cst.py
+++ b/tools/binman/btool/cst.py

@@ -12,6 +12,14 @@
 
     This bintool supports running `cst` with some basic parameters as
     needed by binman.
+
+    cst (imx code signing tool) is used for sigining bootloader binaries for
+    various i.MX SoCs.
+
+    See `Code Signing Tool Users Guide`_ for more information.
+
+    .. _`Code Signing Tool Users Guide`:
+        https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
     """
     def __init__(self, name):
         super().__init__(name, 'Sign NXP i.MX image')
@@ -29,20 +37,17 @@
         return self.run_cmd(*args)
 
     def fetch(self, method):
-        """Fetch handler for cst
-
-        This installs cst using the apt utility.
-
-        Args:
-            method (FETCH_...): Method to use
-
-        Returns:
-            True if the file was fetched and now installed, None if a method
-            other than FETCH_BIN was requested
-
-        Raises:
-            Valuerror: Fetching could not be completed
-        """
-        if method != bintool.FETCH_BIN:
+        """Build cst from git"""
+        if method != bintool.FETCH_BUILD:
             return None
-        return self.apt_install('imx-code-signing-tool')
+
+        from platform import architecture
+        arch = 'linux64' if architecture()[0] == '64bit' else 'linux32'
+        result = self.build_from_git(
+            'https://gitlab.apertis.org/pkg/imx-code-signing-tool',
+            ['all'],
+            f'code/obj.{arch}/cst',
+            flags=[f'OSTYPE={arch}', 'ENCRYPTION=yes'],
+            git_branch='debian/unstable',
+            make_path=f'code/obj.{arch}/')
+        return result