
25 Apr 2016, 6:25 p.m.
Hi all,
I'm curious if anyone has a script (or if I've missed something within the verified-boot documentation) to compile a DTB given only public keying information, i.e., an x509 certificate.
I have build/test bots that need to build a u-boot with an extra/embedded DTB containing a signing public key. I do not want the private key on those hosts and the only way I've found to build the documented/required nodes in /signature/key-KEYNAME/ ('rsa,r-squared', 'rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits') is by using mkimage on a FIT with the -K switch. That requires a private key to do the actual signing.
I'm happy to write something, just want to ask first!
Thanks!
--
Teddy Reed V
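
An added example, not part of the original post and not U-Boot's own code: the key-node values depend only on the public modulus, so they can be derived without the private key (n0-inverse is -n^-1 mod 2^32, r-squared is (2^num-bits)^2 mod n). It assumes the modulus comes from the `Modulus=<HEX>` line of `openssl x509 -noout -modulus` and that property names follow U-Boot's signature documentation (which spells the bit count `rsa,num-bits`); the function names, the `algo` argument and the sample modulus are constructed for illustration.

```python
import re

def parse_openssl_modulus(text):
    """Read the 'Modulus=<HEX>' line printed by `openssl x509 -noout -modulus`."""
    m = re.search(r"^Modulus=([0-9A-Fa-f]+)\s*$", text, re.MULTILINE)
    if not m:
        raise ValueError("no Modulus= line found")
    return int(m.group(1), 16)

def rsa_params(n):
    """Return (num_bits, n0_inverse, r_squared) for public modulus n."""
    if n % 2 == 0:
        raise ValueError("RSA modulus must be odd")
    bits = n.bit_length()
    if bits % 32:
        raise ValueError("modulus length must be a multiple of 32 bits")
    n0_inv = (-pow(n, -1, 1 << 32)) % (1 << 32)   # -n^-1 mod 2^32
    r_squared = pow(2, 2 * bits, n)               # (2^bits)^2 mod n
    return bits, n0_inv, r_squared

def cells(value, bits):
    """Format an integer as big-endian 32-bit device tree cells."""
    words = [(value >> s) & 0xFFFFFFFF for s in range(bits - 32, -1, -32)]
    return "<" + " ".join(f"0x{w:08x}" for w in words) + ">"

def key_node(name, n, algo, e=65537):
    """Build a DTS source fragment for /signature/key-<name>."""
    bits, n0_inv, r_squared = rsa_params(n)
    props = [
        f'algo = "{algo}";',
        f'key-name-hint = "{name}";',
        f"rsa,num-bits = {cells(bits, 32)};",
        f"rsa,modulus = {cells(n, bits)};",
        f"rsa,exponent = {cells(e, 64)};",
        f"rsa,r-squared = {cells(r_squared, bits)};",
        f"rsa,n0-inverse = {cells(n0_inv, 32)};",
    ]
    body = "\n".join("\t\t\t" + p for p in props)
    return ("/dts-v1/;\n/ {\n\tsignature {\n\t\tkey-%s {\n%s\n\t\t};\n\t};\n};\n"
            % (name, body))

if __name__ == "__main__":
    # Constructed 64-bit value standing in for a real 2048-bit modulus.
    sample = "Modulus=C0000000FFFFFFFF\n"
    print(key_node("dev", parse_openssl_modulus(sample), "sha256,rsa2048"))
```

The printed fragment can be compiled with `dtc` and compared against a node written by `mkimage -K` on a host that does hold the private key.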