From 326b7ea9823a74a83b3a7ef6ee3f4927eb36987e Mon Sep 17 00:00:00 2001
From: Leonard Anderweit <l.anderweit@phytec.de>
Date: Wed, 26 Feb 2025 22:05:01 +0100
Subject: [PATCH] binman: cst: Build from source

Build the imx code singing tool from source instead of relying on the
distro to provide the tool.
Use the debian/unstable branch because the default branch is outdated.
The binary is supposed to be build with docker, work around that by selecting
the correct Makefile directly.
Also append the description and add a link to documentation.

Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 tools/binman/bintools.rst |  8 ++++++++
 tools/binman/btool/cst.py | 37 +++++++++++++++++++++----------------
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/tools/binman/bintools.rst b/tools/binman/bintools.rst
index cd05ad8cb26..9f6cab544a5 100644
--- a/tools/binman/bintools.rst
+++ b/tools/binman/bintools.rst
@@ -52,6 +52,14 @@ Bintool: cst: Image generation for U-Boot
 This bintool supports running `cst` with some basic parameters as
 needed by binman.
 
+cst (imx code signing tool) is used for sigining bootloader binaries for
+various i.MX SoCs.
+
+See `Code Signing Tool Users Guide`_ for more information.
+
+.. _`Code Signing Tool Users Guide`:
+    https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
+
 
 
 Bintool: fdt_add_pubkey: Add public key to control dtb (spl or u-boot proper)
diff --git a/tools/binman/btool/cst.py b/tools/binman/btool/cst.py
index 30e78bdbbd9..8a3981adc89 100644
--- a/tools/binman/btool/cst.py
+++ b/tools/binman/btool/cst.py
@@ -12,6 +12,14 @@ class Bintoolcst(bintool.Bintool):
 
     This bintool supports running `cst` with some basic parameters as
     needed by binman.
+
+    cst (imx code signing tool) is used for sigining bootloader binaries for
+    various i.MX SoCs.
+
+    See `Code Signing Tool Users Guide`_ for more information.
+
+    .. _`Code Signing Tool Users Guide`:
+        https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
     """
     def __init__(self, name):
         super().__init__(name, 'Sign NXP i.MX image')
@@ -29,20 +37,17 @@ class Bintoolcst(bintool.Bintool):
         return self.run_cmd(*args)
 
     def fetch(self, method):
-        """Fetch handler for cst
-
-        This installs cst using the apt utility.
-
-        Args:
-            method (FETCH_...): Method to use
-
-        Returns:
-            True if the file was fetched and now installed, None if a method
-            other than FETCH_BIN was requested
-
-        Raises:
-            Valuerror: Fetching could not be completed
-        """
-        if method != bintool.FETCH_BIN:
+        """Build cst from git"""
+        if method != bintool.FETCH_BUILD:
             return None
-        return self.apt_install('imx-code-signing-tool')
+
+        from platform import architecture
+        arch = 'linux64' if architecture()[0] == '64bit' else 'linux32'
+        result = self.build_from_git(
+            'https://gitlab.apertis.org/pkg/imx-code-signing-tool',
+            ['all'],
+            f'code/obj.{arch}/cst',
+            flags=[f'OSTYPE={arch}', 'ENCRYPTION=yes'],
+            git_branch='debian/unstable',
+            make_path=f'code/obj.{arch}/')
+        return result
-- 
2.39.5