[U-Boot] [verified-boot] Compile 'key store' DTB without mkimage and private key
Simon Glass
sjg at chromium.org
Sat Apr 30 01:09:00 CEST 2016
Hi Teddy,
On 25 April 2016 at 10:25, Teddy Reed <teddy.reed at gmail.com> wrote:
> Hi all,
>
> I'm curious if anyone has a script (or if I've missed something within
> the verified-boot documentation) to compile a DTB given only public
> keying information, i.e., an x509 certificate.
>
> I have build/test bots that need to build a u-boot with an
> extra/embedded DTB containing a signing public key. I do not want the
> private key on those hosts and the only way I've found to build the
> documented/required nodes in /signature/key-KEYNAME/
> ('rsa,r-squared','rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits')
> is by using mkimage on a FIT with the -K switch. That requires a
> private key to do the actual signing.
>
> I'm happy to write something, just want to ask first!
Not on my side, sorry. Would be useful.
>
> Thanks!
>
> --
> Teddy Reed V
Regards,
Simon
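
Added example, not part of either message and not U-Boot code: the Python below computes the /signature/key-KEYNAME properties named in the question from the public modulus and exponent alone, and emits a DTS fragment that dtc can compile. The function names, the "dev" key name, the algo/required defaults and the sample modulus are assumptions; property spellings follow U-Boot's signature documentation (rsa,num-bits, rsa,exponent).

```python
# Added example: derive the /signature/key-KEYNAME properties from public values only.
# n and e are the RSA public modulus and exponent, e.g. as printed by
#   openssl x509 -in cert.pem -pubkey -noout | openssl rsa -pubin -modulus -noout
# (cert.pem is a placeholder name). No private key is involved.

def words_be(value, nbits):
    """Split value into 32-bit cells, most significant cell first."""
    count = nbits // 32
    return [(value >> (32 * i)) & 0xFFFFFFFF for i in range(count - 1, -1, -1)]

def key_params(n, e=65537):
    if n % 2 == 0:
        raise ValueError("RSA modulus must be odd")
    nbits = n.bit_length()
    if nbits % 32:
        raise ValueError("modulus length must be a multiple of 32 bits")
    n0_inv = (-pow(n, -1, 1 << 32)) % (1 << 32)   # -1/n mod 2^32
    r_squared = pow(2, 2 * nbits, n)              # (2^nbits)^2 mod n
    return {"num_bits": nbits, "n0_inverse": n0_inv, "exponent": e,
            "modulus": words_be(n, nbits), "r_squared": words_be(r_squared, nbits)}

def cells(words):
    return "<" + " ".join("0x%08x" % w for w in words) + ">"

def key_node(name, n, e=65537, algo="sha256,rsa2048", required="conf"):
    # algo and required defaults are assumptions; set them to match the FIT.
    p = key_params(n, e)
    props = [
        'required = "%s";' % required,
        'algo = "%s";' % algo,
        'key-name-hint = "%s";' % name,
        "rsa,num-bits = <%d>;" % p["num_bits"],
        "rsa,n0-inverse = <0x%08x>;" % p["n0_inverse"],
        "rsa,exponent = %s;" % cells(words_be(p["exponent"], 64)),
        "rsa,modulus = %s;" % cells(p["modulus"]),
        "rsa,r-squared = %s;" % cells(p["r_squared"]),
    ]
    body = "\n".join("\t\t\t" + line for line in props)
    return "/dts-v1/;\n/ {\n\tsignature {\n\t\tkey-%s {\n%s\n\t\t};\n\t};\n};\n" % (name, body)

# Constructed 2048-bit odd number standing in for a real modulus (not a real key).
SAMPLE_N = (1 << 2047) | (0x1234567 << 1000) | 0xC0FFEE01

if __name__ == "__main__":
    print(key_node("dev", SAMPLE_N))
```

The printed fragment can be compiled with dtc, so the build host only ever handles the certificate's public values.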