An options block contains zero or more name/value pairs and the option settings that assign values to global options used by nxpimage to control the generation of the output file.
HAB flags: 0x0 for unsigned, 0x08 for signed, 0x0C for encrypted.
First address of the bootable image in the target memory.
Offset of the IVT table (beginning of the HAB container) from startAddress. This option can be omitted if family and bootDevice are specified.
Size of the segments (such as IVT, BDT, DCD, XMCD) placed before the actual application image. The value is specific per boot device type. This option can be omitted if family and bootDevice are specified.
Reset vector of the application. If not specified, the vector will be automatically detected from the input image.
Processor family. If not specified, the ivtOffset and initialLoadSize must be defined.
Boot device memory where the image is booted from. If not specified, the ivtOffset and initialLoadSize must be defined.
Optional path to DCD data.
Optional path to XMCD data.
The input application image in plain BIN, S-REC or ELF.
CSF Sections.
The Header command contains data used in the CSF header as well as default values used by the CST for other commands throughout the remaining CSF. There must be exactly one Header command and it must appear first in the CSF.
Version of HAB.
Default hash algorithm.
Default engine.
Default engine configuration. See the CST manual for more info.
Default certificate format.
Default signature format.
The Install SRK command authenticates and installs the root public key for use in subsequent Install CSFK (HAB only) or Install Key (HAB4 only) commands. HAB or AHAB authenticates the SRK using the SRK hash (SRKHASH) fuses. HAB4 or AHAB allows revocation of individual keys within the SRK table using the SRK revocation (SRKREVOKE) fuses. HAB installs the SRK in slot 0 of its internal public key store. There must be exactly one Install SRK command in a CSF, and it must occur before the Install CSFK (HAB only) command.
Valid file path.
SRK index within SRK table. Installation fails if the SRK revocation fuse with this index is burned.
The Install CSFK command authenticates and installs a public key for use in subsequent Install Key (HAB3 only) or Authenticate CSF commands. HAB authenticates the CSFK from the CSFK certificate using the SRK. HAB installs the CSFK in slot 1 of its internal public key store. There must be exactly one Install CSFK command in a CSF, and it must occur before the Authenticate CSF command.
Valid path.
CSFK certificate format.
The Install NOCAK command authenticates and installs a public key for use with the fast authentication mechanism (HAB 4.1.2 and later only). With this mechanism, one key is used for all signatures. HAB installs the no-CA key in slot 1 of its internal public key store. There must be exactly one Install NOCAK command in a CSF, and it must occur before the Authenticate CSF command and there must be no Install Key commands.
Valid path.
NOCAK certificate format.
The Authenticate CSF command authenticates the CSF from which it is executed. HAB authenticates the CSF using the CSFK public key, from a digital signature generated automatically by the CST. There must be exactly one Authenticate CSF command in a CSF file, and it must occur after the Install CSFK command. Most other CSF commands are allowed only after the Authenticate CSF command.
Default engine configuration. See the CST manual for more info.
Default certificate format.
Default signature format.
Signature provider configuration string. If not set, the value from AuthenticateCsf_PrivateKeyFile parameter will be used.
Path to authenticate CSF private key file. If not set, the file will be determined from InstallCSFK_File parameter.
The Install Key command authenticates and installs a public key for use in subsequent Install Key or Authenticate Data commands. HAB authenticates a public key from a public key certificate using a previously installed verifying key and a hash of the public key certificate. HAB installs the authenticated public key in an internal public key store with a zero-based array of key slots. The CSF author is responsible for managing the key slots in the internal public key store to establish the desired public key hierarchy and determine the keys used in authentication operations. Overwriting occupied key slots is not allowed, although a repeat command to re-install the same public key occupying the target slot will be skipped and not generate an error.
Valid file path.
Verification key index in key store. CSFK not supported.
Target key index in key store. SRK, CSFK slots reserved.
The Authenticate Data command verifies the authenticity of pre-loaded data in memory. The data may include executable SW instructions and may be spread across multiple non-contiguous address ranges drawn from multiple object files. HAB authenticates the pre-loaded data using a previously installed public key from a digital signature generated automatically by the CST.
Verification key index in key store. SRK, CSFK not supported. NOTE: For HAB4 Fast Authentication, this must be 0.
Data signature hash engine.
Configuration flags for the engine. See the CSF manual.
Signature provider configuration string. If not set, the value from AuthenticateData_PrivateKeyFile parameter will be used.
Path to authenticate IMG private key file. If not set, the file will be determined from InstallCSFK_File parameter.
The Set Engine command selects the default engine and engine configuration for a given algorithm. HAB3 does not support the Set Engine command. Some CSF commands allow the CSF author to select the engine used for an algorithm by specifying an argument other than ANY. However, if the engine argument is ANY, then HAB selects the engine to use based on internal criteria. The Set Engine command overrides the HAB internal criteria and selects the engine and configuration to use when ANY is specified.
Some algorithm types do not have an associated engine argument in the CSF commands (e.g. the signature algorithm in Authenticate Data commands). By default, HAB selects the engine to use for such algorithms based on internal criteria. The Set Engine command overrides the HAB internal criteria in such cases as well. Multiple Set Engine commands may appear anywhere in a CSF after the Header command. Subsequent commands use the engine selected by the most recent Set Engine command.
Hash algorithm.
Engine, use ANY to restore internal HAB criteria.
Default engine configuration. See the CST manual for more info.
The Unlock command prevents specified engine features from being locked when exiting the internal boot ROM. HAB3 does not support the Unlock command. Multiple Unlock commands may appear after the Authenticate CSF command. A feature will be unlocked if specified in one or more Unlock commands.
Engine to unlock.
Comma-separated list of features to unlock.
This command is applicable from HAB 4.1 onwards and only on processors which include CAAM and SNVS. Each instance of this command generates a CSF command to install a secret key in CAAM's secret key store.
CMS encrypted data encryption key.
Key length in bits.
Master KEK index. 0 or 1: OTPMK from fuses. 2: ZMK from SNVS. 3: CMK from SNVS.
Target secret key store index.
If set, the secret key from SecretKey_Name parameter will be used. If not, a random key will be generated and stored.
This command is applicable from HAB4.1 onwards. Each instance generates a CSF command to decrypt and authenticate a list of code/data blocks using a secret key stored in the secret key store. CST will generate a corresponding AUT_DAT command. CST will encrypt the data blocks in-place in the given files using a secret key and generate MAC data which is appended to the CSF. The secret key index must have been the target key index in a preceding Install Secret Key command. The same secret key must never be used more than once. The secret key used is removed from the secret key store by the Decrypt Data command. A separate Install Secret Key command (which generates a fresh secret key) is required for another Decrypt Data command.
Secret key index in Secret key store.
MAC Engine.
Configuration flags for the engine. See the CSF manual.
Size of MAC in bytes. Even value between 4 and 16.
If set, the nonce from the given file will be used. If not, a random nonce will be generated.
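The ordering, key-slot and secret-key rules stated in the command descriptions above can be checked mechanically before a CSF is built. The following is an added example, not nxpimage or CST code: the (name, params) tuple layout and the parameter keys are hypothetical, and it assumes a CSF uses either Install CSFK or Install NOCAK (fast authentication), not both.

```python
# Added example, not nxpimage code. The (name, params) layout and the keys "file",
# "target", "verify", "key" and "mac_bytes" are hypothetical, not nxpimage options.
def lint_csf(cmds):
    """Return the rule violations found in a list of (command, params) tuples."""
    errs, seen, names = [], [], [n for n, _ in cmds]
    fast = "Install NOCAK" in names            # HAB4 fast authentication
    key_cmd = "Install NOCAK" if fast else "Install CSFK"
    for once in ("Header", "Install SRK", key_cmd, "Authenticate CSF"):
        if names.count(once) != 1:
            errs.append(f"need exactly one {once}, found {names.count(once)}")
    if fast and "Install Key" in names:
        errs.append("Install NOCAK: no Install Key commands allowed")
    after = {"Install CSFK": "Install SRK", "Authenticate CSF": key_cmd,
             "Unlock": "Authenticate CSF"}     # command -> required predecessor
    pub = {0: None, 1: None}                   # slot 0 = SRK, slot 1 = CSFK/NOCAK
    secret = set()                             # occupied secret key store slots
    for pos, (name, p) in enumerate(cmds):
        if (pos == 0) != (name == "Header"):
            errs.append(f"#{pos} {name}: Header must be the first command")
        if name in after and after[name] not in seen:
            errs.append(f"#{pos} {name}: must come after {after[name]}")
        if name == "Install Key" and pub.setdefault(p["target"], p["file"]) != p["file"]:
            errs.append(f"#{pos} {name}: slot {p['target']} is reserved or occupied")
        if name == "Authenticate Data":
            v = p["verify"]
            if not (v == 0 if fast else v > 1 and v in pub):
                errs.append(f"#{pos} {name}: invalid verification key index {v}")
        if name == "Install Secret Key":
            secret.add(p["target"])
        if name == "Decrypt Data":
            if p["key"] not in secret:
                errs.append(f"#{pos} {name}: secret key {p['key']} not installed or already used")
            secret.discard(p["key"])           # Decrypt Data removes the key
            if p["mac_bytes"] % 2 or not 4 <= p["mac_bytes"] <= 16:
                errs.append(f"#{pos} {name}: MAC size must be even, 4 to 16 bytes")
        seen.append(name)
    return errs

# Constructed sample: one secret key is consumed by two Decrypt Data commands.
SAMPLE = [("Header", {}), ("Install SRK", {}), ("Install CSFK", {}),
          ("Authenticate CSF", {}), ("Install Key", {"target": 2, "file": "img.pem"}),
          ("Authenticate Data", {"verify": 2}), ("Install Secret Key", {"target": 0}),
          ("Decrypt Data", {"key": 0, "mac_bytes": 16}),
          ("Decrypt Data", {"key": 0, "mac_bytes": 16})]

if __name__ == "__main__":
    print("\n".join(lint_csf(SAMPLE)) or "CSF sequence OK")
```

The sample fails on its second Decrypt Data command because the first one already removed the secret key from the store; a second Install Secret Key command in between clears the finding.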