How to Sign/Sign & Encrypt FIP Binary manually?

ThinhNguyen · ‎2025-07-10

I am working on STM32MP257F. I read the Artical "How to perform Secure Boot from Distribution Package". It doesn't seem to mention Sign or Sign & Encrypt FIP Binary manually. In my case it is necessary to Sign/Sign & Encrypted FIP binary manually and do it outside of Yocto. This is done only with 1 specific person and does not expose the private key.

Please give me an example to Sign/Sign & Encrypt FIP binary manually using STM32_SigningTool_CLI.

Thanks.

Jean-Christophe_TROTIN · ‎2025-07-11

Hi @ThinhNguyen,

I could suggest that you have a look at the following documents (if not already done):

https://wiki.st.com/stm32mpu/wiki/Signing_tool STM32 MPU wiki article (the example 5 might be interesting for you).
https://www.st.com/resource/en/user_manual/dm00595234-stm32mp1-series-signing-tool-software-description-stmicroelectronics.pdf user manual (STM32 signing tool software description); there are examples in the chapter 2.2.

Hope this information helps.

Regards,

JC.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.