U-boot

[Rasmus Villemoes]

On 31/07/2021 18.59, Simon Glass wrote:
> Hi Roman,
> 
> On Sat, 31 Jul 2021 at 02:26, Roman Kopytin <Roman.Kopytin at kaspersky.com> wrote:
>>
>> Thank, but my question was about adding of the public key to dtb file without private key. We won't have private key in our side.
> 
> (please try not to top-post on the mailing list)
> 
> Presumably this means that you know what the public key is, so one
> option is to manually add it to the dtb, e.g. in a u-boot.dtsi file
> for your board. You can see the format of it in the documentation, or
> just copy what is there when you do the signing.
> 

I sent
https://lore.kernel.org/u-boot/20200211094818.14219-3-rasmus.villemoes@prevas.dk/
1.5 years ago. Roman, is it something like that you need? We've used
that patch/tool internally ever since.

> Another option would be to use 'fdtput' to add the various fields in
> the dtb after building.

Yes, but that, or the .dtsi approach, requires figuring just exactly
what those fields are supposed to be. And even if one could "reverse
engineer" that and implement the math separately in another tool, it's
much better to utilize the same code which "mkimage proper" would use,
since there's less risk of messing up endianness etc., and only one
place to fix bugs.

Rasmus