[U-Boot] [verified-boot] Compile 'key store' DTB without mkimage and private key
Teddy Reed
teddy.reed at gmail.com
Mon Apr 25 18:25:58 CEST 2016
Hi all,

I'm curious if anyone has a script (or if I've missed something within
the verified-boot documentation) to compile a DTB given only public
keying information, i.e., an x509 certificate.

I have build/test bots that need to build a u-boot with an
extra/embedded DTB containing a signing public key. I do not want the
private key on those hosts and the only way I've found to build the
documented/required nodes in /signature/key-KEYNAME/
('rsa,r-squared','rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits')
is by using mkimage on a FIT with the -K switch. That requires a
private key to do the actual signing.

I'm happy to write something, just want to ask first!

Thanks!
--
Teddy Reed V
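
The key-node values named in the post are functions of the public modulus alone, so they can be derived on a build host that never holds the private key. The sketch below is an added example, not code from the post or from U-Boot: it assumes the modulus has already been extracted from the certificate as an integer, that the constants follow the Montgomery form used by U-Boot's RSA code (n0-inverse = -1/n mod 2^32, r-squared = (2^num-bits)^2 mod n), and it uses the `rsa,num-bits` spelling from U-Boot's signature documentation. `SAMPLE_N`, `key_params`, `cells` and `dts_fragment` are names made up for the example, and the output should be compared with a `mkimage -K` result for a throwaway key before it is trusted.

```python
"""Derive verified-boot key-node properties from an RSA public modulus only."""

# Constructed toy modulus (product of two Mersenne primes), NOT a real key.
SAMPLE_N = (2**61 - 1) * (2**89 - 1)


def key_params(n):
    """Return num-bits, n0-inverse and r-squared for public modulus n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("RSA modulus must be a positive odd integer")
    bits = n.bit_length()
    word = 1 << 32
    # -1/n mod 2^32: negated inverse of the modulus modulo one 32-bit word.
    n0_inv = word - pow(n, -1, word)
    # R^2 mod n with R = 2^bits, used to enter Montgomery form.
    r_squared = pow(1 << bits, 2, n)
    return {"bits": bits, "n0_inv": n0_inv, "r_squared": r_squared}


def cells(value, bits):
    """Format value as big-endian 32-bit device-tree cells, padded to bits."""
    count = (bits + 31) // 32
    words = ((value >> (32 * i)) & 0xFFFFFFFF for i in reversed(range(count)))
    return " ".join("0x%08x" % w for w in words)


def dts_fragment(key_name, n):
    """Build DTS source for /signature/key-<key_name> with the four properties.

    Any other properties the node needs are left to the caller.
    """
    p = key_params(n)
    return (
        "/dts-v1/;\n/ {\n\tsignature {\n\t\tkey-%s {\n" % key_name
        + "\t\t\trsa,num-bits = <%d>;\n" % p["bits"]
        + "\t\t\trsa,n0-inverse = <0x%08x>;\n" % p["n0_inv"]
        + "\t\t\trsa,modulus = <%s>;\n" % cells(n, p["bits"])
        + "\t\t\trsa,r-squared = <%s>;\n" % cells(p["r_squared"], p["bits"])
        + "\t\t};\n\t};\n};\n"
    )


if __name__ == "__main__":
    # "dev" is a placeholder key name; feed the output to dtc to get a DTB.
    print(dts_fragment("dev", SAMPLE_N), end="")
```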