Provided by: imx-code-signing-tool_3.4.1+dfsg-6_amd64 bug

NAME
       cst - Code Signing Tool for generating binary CSF files for NXP secure boot


SYNOPSIS
       cst --output file --input file [--cert cert.pem] [--backend ssl|pkcs11] [--verbose]

       cst --license|--version|--help


DESCRIPTION
       cst (Code Signing Tool) is used to generate a binary Command Sequence File (CSF) required by the HAB or
       AHAB secure boot mechanisms on NXP i.MX processors. The CSF contains the authentication commands and
       signature data used to verify signed boot images during the secure boot process.

       The tool processes a plain-text CSF description file and produces a binary CSF that can be appended to or
       embedded in a boot image. Optionally, a certificate can be provided to encrypt the Data Encryption Key
       (DEK).


OPTIONS
       -o, --output file
           The output binary CSF file to generate.

       -i, --input file
           The input CSF description text file.

       -c, --cert cert.pem
           Public key certificate to encrypt the DEK (optional).

       -b, --backend ssl|pkcs11
           Optional.  Backend  for  key  handling.  Default  is  'ssl'  (local  filesystem).   'pkcs11'  uses  a
           PKCS#11-compatible keystore.

       -g, --verbose
           Enable verbose output.

       -l, --license
           Print license information and exit.

       -v, --version
           Print the tool version and exit.

       -h, --help
           Display a brief help message.


EXAMPLES
       Generate binary CSF from a text CSF file:
             cst -o out_csf.bin -i hab4.csf

       Encrypt DEK with a certificate:
             cst -o out_csf.bin -c cert.pem -i hab4.csf


SEE ALSO
       srktool(1), csf_parser(1)

                                                   2025-06-04                                             CST(1)