1 files changed, 41 insertions, 13 deletions

diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py
index 8221517b0c4..a7d8db4eec4 100644
--- a/tools/binman/etype/nxp_imx8mcst.py
+++ b/tools/binman/etype/nxp_imx8mcst.py
@@ -23,7 +23,9 @@ from u_boot_pylib import tools
 MAGIC_NXP_IMX_IVT = 0x412000d1
 MAGIC_FITIMAGE    = 0xedfe0dd0
 
-csf_config_template = """
+KEY_NAME = 'sha256_4096_65537_v3_usr_crt'
+
+CSF_CONFIG_TEMPLATE = f'''
 [Header]
   Version = 4.3
   Hash Algorithm = sha256
@@ -36,8 +38,11 @@ csf_config_template = """
   File = "SRK_1_2_3_4_table.bin"
   Source index = 0
 
+[Install NOCAK]
+  File = "SRK1_{KEY_NAME}.pem"
+
 [Install CSFK]
-  File = "CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
+  File = "CSF1_1_{KEY_NAME}.pem"
 
 [Authenticate CSF]
 
@@ -48,12 +53,12 @@ csf_config_template = """
 [Install Key]
   Verification index = 0
   Target Index = 2
-  File = "IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
+  File = "IMG1_1_{KEY_NAME}.pem"
 
 [Authenticate Data]
   Verification index = 2
   Blocks = 0x1234 0x78 0xabcd "data.bin"
-"""
+'''
 
 class Entry_nxp_imx8mcst(Entry_mkimage):
     """NXP i.MX8M CST .cfg file generator and cst invoker
@@ -69,9 +74,22 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
     def ReadNode(self):
         super().ReadNode()
         self.loader_address = fdt_util.GetInt(self._node, 'nxp,loader-address')
-        self.srk_table = os.getenv('SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table', 'SRK_1_2_3_4_table.bin'))
-        self.csf_crt = os.getenv('CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt', 'CSF1_1_sha256_4096_65537_v3_usr_crt.pem'))
-        self.img_crt = os.getenv('IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt', 'IMG1_1_sha256_4096_65537_v3_usr_crt.pem'))
+        self.srk_table = os.getenv(
+            'SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table',
+                                            'SRK_1_2_3_4_table.bin'))
+        self.fast_auth = fdt_util.GetBool(self._node, 'nxp,fast-auth')
+        if not self.fast_auth:
+            self.csf_crt = os.getenv(
+                'CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt',
+                                              f'CSF1_1_{KEY_NAME}.pem'))
+            self.img_crt = os.getenv(
+                'IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt',
+                                              f'IMG1_1_{KEY_NAME}.pem'))
+        else:
+            self.srk_crt = os.getenv(
+                'SRK_KEY', fdt_util.GetString(self._node, 'nxp,srk-crt',
+                                              f'SRK1_{KEY_NAME}.pem'))
+
         self.unlock = fdt_util.GetBool(self._node, 'nxp,unlock')
         self.ReadEntries()
 
@@ -118,16 +136,26 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
         tools.write_file(output_dname, data)
 
         # Generate CST configuration file used to sign payload
-        cfg_fname = tools.get_output_filename('nxp.csf-config-txt.%s' % uniq)
+        cfg_fname = tools.get_output_filename(f'nxp.csf-config-txt.{uniq}')
         config = configparser.ConfigParser()
         # Do not make key names lowercase
         config.optionxform = str
         # Load configuration template and modify keys of interest
-        config.read_string(csf_config_template)
-        config['Install SRK']['File'] = '"' + self.srk_table + '"'
-        config['Install CSFK']['File'] = '"' + self.csf_crt + '"'
-        config['Install Key']['File'] = '"' + self.img_crt + '"'
-        config['Authenticate Data']['Blocks'] = hex(signbase) + ' 0 ' + hex(len(data)) + ' "' + str(output_dname) + '"'
+        config.read_string(CSF_CONFIG_TEMPLATE)
+        config['Install SRK']['File']  = f'"{self.srk_table}"'
+        if not self.fast_auth:
+            config.remove_section('Install NOCAK')
+            config['Install CSFK']['File'] = f'"{self.csf_crt}"'
+            config['Install Key']['File']  = f'"{self.img_crt}"'
+        else:
+            config.remove_section('Install CSFK')
+            config.remove_section('Install Key')
+            config['Install NOCAK']['File'] = f'"{self.srk_crt}"'
+            config['Authenticate Data']['Verification index'] = '0'
+
+        config['Authenticate Data']['Blocks'] = \
+            f'{signbase:#x} 0 {len(data):#x} "{output_dname}"'
+
         if not self.unlock:
             config.remove_section('Unlock')
         with open(cfg_fname, 'w') as cfgf: