Hi Jan,
On Mon, 6 Feb 2023 at 22:47, Jan Kiszka jan.kiszka@siemens.com wrote:
On 07.02.23 05:02, Simon Glass wrote:
Hi Jan,
On Mon, 6 Feb 2023 at 03:42, Jan Kiszka jan.kiszka@siemens.com wrote:
On 04.02.23 23:23, Simon Glass wrote:
Hi Jan,
On Fri, 3 Feb 2023 at 23:35, Jan Kiszka jan.kiszka@siemens.com wrote:
On 04.02.23 01:20, Simon Glass wrote:
Hi Jan,
On Fri, 3 Feb 2023 at 05:29, Jan Kiszka jan.kiszka@siemens.com wrote: > > From: Jan Kiszka jan.kiszka@siemens.com > > Allows to create a public key device tree dtsi for inclusion into U-Boot > SPL and proper during first build already. This can be achieved via > CONFIG_DEVICE_TREE_INCLUDES. > > Signed-off-by: Jan Kiszka jan.kiszka@siemens.com > --- > tools/key2dtsi.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 64 insertions(+) > create mode 100755 tools/key2dtsi.py
Please can you build this into Binman instead? We really don't want any more of these scripts. Perhaps you can add a new entry type?
I don't think you are requesting something that makes any sense:
"Binman creates and manipulate *images* for a board from a set of binaries"
I mean that Binman can include a public key in the DT, if that it was you are wanting. We don't want to add scripts for creating images and pieces of images.
Perhaps I just don't understand the goal here. How would your script be used?
We feed the generated dtsi into the U-Boot build, using CONFIG_DEVICE_TREE_INCLUDES. This ensures that will be signed along with the built artifacts. Have a look at patch 9 for the steps, specifically the doc update bits. Full bitbake (Isar) integration is available under [1], specifically [2] in combination with [3].
OK, so is Binman run in this case?
It's run at the end of the build, to assemble the unsigned flash.bin. And it should have been used also for signing that image (patch 8, see the other discussion).
OK, so how can we get this signing thing into Binman? Does it need a new entry type? Is there something I can help with there? The input looks like it should be the key.pem file.
Regards, SImon
Jan
Jan
[1] https://github.com/siemens/meta-iot2050/tree/master/recipes-bsp/u-boot [2] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files... [3] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files...
-- Siemens AG, Technology Competence Center Embedded Linux
Regards, Simon
-- Siemens AG, Technology Competence Center Embedded Linux