fit signing without access to private key - U-Boot - denx.biz

newer
U-Boot SPL crashes after stack...

fit signing without access to private key

older
[PATCH 00/17] Implement ACPI on...

Mikael Pahmp

6 Sep 2024 6 Sep '24

4:54 p.m.

Hi. We want to sign fitImages but our company policies does not allow access to the private signing key from our build machines. Is there a way using e.g. mkimage to

1. Generate the hash of a fitImage configuration section? We will then request a signature for the hash from our enterprise PKI. 2. Incorporate the signature in the fitImage?

BR / Mikael

Reply

Show replies by date

Simon Glass

12 Sep 12 Sep

3:01 a.m.

Hi Mikael,

On Fri, 6 Sept 2024 at 11:06, Mikael Pahmp mikael.pahmp@gmail.com wrote:

Hi. We want to sign fitImages but our company policies does not allow access to the private signing key from our build machines. Is there a way using e.g. mkimage to

Generate the hash of a fitImage configuration section?

We will then request a signature for the hash from our enterprise PKI. 2. Incorporate the signature in the fitImage?

There is not, but it would be a useful feature. Let me know if you would like some pointers for how to implement this.

Regards, Simon

BR / Mikael

Reply

243

Age (days ago)

249

Last active (days ago)

Download

1 comments

2 participants

tags (0)

participants (2)

Mikael Pahmp
Simon Glass