U-boot
Roman Kopytin
Roman.Kopytin at kaspersky.com
Sat Jul 31 05:34:08 CEST 2021
Thanks, Michael.
Can we sign in the separate state on special server for example?
Looks like we can work with public key only in this step.
From: Michael Nazzareno Trimarchi <michael at amarulasolutions.com>
Sent: Friday, July 30, 2021 8:50 PM
To: Roman Kopytin <Roman.Kopytin at kaspersky.com>
Cc: U-Boot-Denx <u-boot at lists.denx.de>; Simon Glass <sjg at chromium.org>
Subject: Re: U-boot
Caution: This is an external email. Be cautious while opening links or attachments.
Hi Román
On Fri, Jul 30, 2021, 7:44 PM Roman Kopytin <Roman.Kopytin at kaspersky.com<mailto:Roman.Kopytin at kaspersky.com>> wrote:
Hello, dear U-boot team
I have question about your old feature: U-boot patch for adding of the public key to dtb file.
https://patchwork.ozlabs.org/project/uboot/patch/1363650725-30459-37-git-send-email-sjg%40chromium.org/
I can’t understand, can we work only with public key? Why do we need to have private key for adding step?
In documentation it is not very clear for me.
You need to sign with private key and keep it secret and local and verify it during booting with public key. Private key is not distributed with the image
Michael
Thanks a lot.
More information about the U-Boot
mailing list