Secure Boot -Generating cwe file

Trying to use Secure Boot with WP7608 and have a few questions going through the Secure Boot Application note from the source.

  1. Section 6.2 step 4 mentions about packaging signed images into a CWE image. The script mentions depends on cwetool-native wherein it is not mentioned on how to use it ?

  2. Syntax of the script and whether it has to be put in the same folder as the signing server is not mentioned?

  3. How to verify the image is signed properly with the key, before loading it into the device?

  4. There is no build seen for cwetool-native does this need to be built in the SDK for use?

Further questions:

  1. to Generate cwe files do we need to use the linux source and bitbake tool?
    maybe we can provide the task using the command bitbake mdm9x28-image-minimal -c generate_cwe in this case how to specify the signed image components for cwe generation?

You can see this document:
Example on Secure boot implementation for WP76xx.docx (173.5 KB)