[U-Boot] FitImage add pubkey signature in DTS
Larry.Gass at microchip.com
Larry.Gass at microchip.com
Thu May 3 17:39:12 UTC 2018
On Thu, May 3, 2018 at 1:33 AM, Clément Péron <peron.clem at gmail.com> wrote:
> Subject: [U-Boot] FitImage add pubkey signature in DTS
>
> Hi,
>
> I'm looking to add the public key for the FitImage signature in my dts.
>
> Do you know if there is a script to add the pubkey in the .dts and not in the
> .dtb ?
>
> Actually I "decompile" the .dtb to get those values, but maybe there is an
> easier way.
Did the same thing. Started with a file pubkey.dts that was "empty":
/dtc-v1/;
/ {
};
Compiled it:
$ dtc -O dtb pubkey.dts > pubkey.dtb
Created the FIT image:
$ output/build/uboot-2018.03/tools/mkimage -f linux.its -k keys -r -K pubkey.dtb
De-Compiled it:
$ dtc -I dtb pubkey.dtb > pubkey.dts
Manually merged pubkey.dts with my "real" device tree (in arch/arm/dts/) . This step is important because it is WAY too easy to lose the signature from the .dtb if you "make clean" or touch your device tree source in any way.
I also would like to see this made easier in some way if it does not already exist.
>
> Looking to generate something like this from the RSA keys :
> signature {
> key-product-dev {
> required = "conf";
> algo = "sha1,rsa2048";
> rsa,r-squared = <0x68b44337 0x916dcfda 0x.....>
> rsa,modulus = <0xb7929d33 0x34df0e32 0x......>
> rsa,exponent = <0x0 0x10001>;
> rsa,n0-inverse = <0x29.....>;
> rsa,num-bits = <0x800>;
> key-name-hint = "product-dev";
> };
> };
>
> Thanks,
> Clement
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot
Regards,
Larry
More information about the U-Boot
mailing list