# The syntax for this file is documented in the HAB Code-Signing Tool
# User's Guide which is included in the CST package distributed by NXP
[Header]
    Version = 4.1
    Hash Algorithm = sha256
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS
    Engine = CAAM

[Install SRK]
    File = "%srk_table%"
    Source index = %key_index%

[Install CSFK]
    File = "%cert_csf%"

[Authenticate CSF]

[Install Key]
    Verification index = 0
    Target index = 2
    File = "%cert_img%"

[Authenticate Data]
    Verification index = 2
    Blocks = %ivt_ram_start% %ivt_uimage_start% %ivt_size% "%uimage_path%"

[Authenticate Data]
    Verification index = 2
    Blocks = %entrypoint_ram_start% %entrypoint_uimage_offset% %entrypoint_size% "%uimage_path%"

[Authenticate Data]
    Verification index = 2
    Blocks = %header_ram_start% %header_uimage_offset% %header_size% "%uimage_path%"

[Install Secret Key]
    Verification index = 0
    Target index = 0
    Key = "%dek_path%"
    Key Length = %dek_len%
    Blob address = %dek_offset%

[Decrypt Data]
    Verification index = 0
    Mac Bytes = 16
    Blocks = %r1_ram_start% %r1_uimage_offset% %r1_size% "%uimage_path%", \
             %r2_ram_start% %r2_uimage_offset% %r2_size% "%uimage_path%"