On Wed, Feb 17, 2021 at 06:02:34PM -0600, Alex G. wrote:
On 2/17/21 5:03 PM, Tom Rini wrote:
On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
Add a test to make sure that the ECDSA signatures generated by mkimage can be verified successfully. pyCryptodomex was chosen as the crypto library because it integrates much better with python code. Using openssl would have been unnecessarily painful.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
So, to run this test I've done a "pip install -r test/py/requirements.txt" to make sure I have everything now needed installed. When I run this test (building in /tmp): +/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Failed to sign 'signature' signature node in 'kernel' image node: -2 Failed to sign 'signature' signature node in 'fdt-1' image node: -2 FIT description: Chrome OS kernel image with one or more FDT blobs ... +fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value Error at 'value': FDT_ERR_NOTFOUND
Which I think means that since we have a key-name-hint of "dev" it's taking the -k argument as a keydir and that's where it goes wrong.
Did this happen with this series alone? I realize not that also applying "mkimage: Add a 'keyfile' argument for image signing" would cause this. I shoudl have (but forgot to) update the test in that series. I'll update the other series if you want to pull them in together.
No, this was with the other series applied as well. In the end, please make sure that yes, the tests all pass. If it's easier to combine both series, that's fine. Thanks!