Hi Ivan,
On Thu, 27 Apr 2023 at 07:41, Ivan Mikhaylov fr0st61te@gmail.com wrote:
On Wed, 2023-04-26 at 15:29 -0600, Simon Glass wrote:
Hi Andy,
On Wed, 26 Apr 2023 at 12:49, Andy Pandy andypandy123g@gmail.com wrote:
Hi there,
First of all, I would like to thank you for the tool, I like it a lot.
Great!
I've been trying to sign uboot by placing signature section into configurations section. Something like:
{ algo = "sha256,rsa2048"; key-name-hint = "dev"; sign-images = "fdt", "loadables"; }
But I can't find how to sign the second stage uboot, and integrate the public key into uboot spl device tree with binman. Prior to binman I used mkimage to do that, as follows:
mkimage -f uboot.its -K u-boot.dtb -k ./keys -r image.fit
Could not find it in the documentation, I only saw pre-load, but I am not sure that this is what I am looking for.
Would appreciate if you could give some hint on how this could be done.
Thank you for your help
+Ivan Mikhaylov
I believe that 'binman sign' does this:
https://u-boot.readthedocs.io/en/latest/develop/package/binman.html#signing-...
Regards, Simon
Andy, also you can look at tests there as examples https://github.com/u-boot/u-boot/blob/288fe30a2367b8d0e3f416493150a38ebaa884...
You can add pubkeys with fdt_add_pubkey utility also if you need just that.
Simon, maybe I need to add possibility to add pubkeys via binman sign, what do you think?
Yes I think that would be useful.
Regards, Simon