
On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
Add a test to make sure that the ECDSA signatures generated by mkimage can be verified successfully. pyCryptodomex was chosen as the crypto library because it integrates much better with python code. Using openssl would have been unnecessarily painful.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
Reviewed-by: Simon Glass sjg@chromium.org
So, to run this test I've done a "pip install -r test/py/requirements.txt" to make sure I have everything now needed installed. When I run this test (building in /tmp):

+/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Failed to sign 'signature' signature node in 'kernel' image node: -2
Failed to sign 'signature' signature node in 'fdt-1' image node: -2
FIT description: Chrome OS kernel image with one or more FDT blobs
...
+fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value
Error at 'value': FDT_ERR_NOTFOUND

Which I think means that since we have a key-name-hint of "dev" it's taking the -k argument as a keydir and that's where it goes wrong.