On Thu, May 3, 2018 at 1:33 AM, Clément Péron peron.clem@gmail.com wrote:

Subject: [U-Boot] FitImage add pubkey signature in DTS

Hi,

I'm looking to add the public key for the FitImage signature in my dts.

Do you know if there is a script to add the pubkey in the .dts and not in the .dtb ?

Actually I "decompile" the .dtb to get those values, but maybe there is an easier way.

Did the same thing. Started with a file pubkey.dts that was "empty":

/dtc-v1/; / { };

Compiled it: $ dtc -O dtb pubkey.dts > pubkey.dtb

Created the FIT image: $ output/build/uboot-2018.03/tools/mkimage -f linux.its -k keys -r -K pubkey.dtb

De-Compiled it: $ dtc -I dtb pubkey.dtb > pubkey.dts

Manually merged pubkey.dts with my "real" device tree (in arch/arm/dts/) . This step is important because it is WAY too easy to lose the signature from the .dtb if you "make clean" or touch your device tree source in any way.

I also would like to see this made easier in some way if it does not already exist.

Looking to generate something like this from the RSA keys : signature { key-product-dev { required = "conf"; algo = "sha1,rsa2048"; rsa,r-squared = <0x68b44337 0x916dcfda 0x.....> rsa,modulus = <0xb7929d33 0x34df0e32 0x......> rsa,exponent = <0x0 0x10001>; rsa,n0-inverse = <0x29.....>; rsa,num-bits = <0x800>; key-name-hint = "product-dev"; }; };

Thanks, Clement _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Regards, Larry