[PATCH 0/2] RFC: add fdt_add_pubkey tool

Roman Kopytin Roman.Kopytin at kaspersky.com
Thu Nov 11 09:15:10 CET 2021


In order to reduce the coupling between building the kernel and
U-Boot, I'd like a tool that can add a public key to U-Boot's dtb
without simultaneously signing a FIT image. That tool doesn't seem to
exist, so I stole the necessary pieces from mkimage et al and put it
in a single .c file.

I'm still working on the details of my proposed "require just k out
these n required keys" and how it should be implemented, but it will
probably involve teaching this tool a bunch of new options. These
patches are not necessarily ready for inclusion (unless someone else
finds fdt_add_pubkey useful as is), but I thought I might as well send
it out for early comments.

Roman Kopytin (2):
  tools: add fdt_add_pubkey
  test_vboot.py: include test of fdt_add_pubkey tool

 test/py/tests/test_vboot.py |   8 +++
 tools/.gitignore            |   1 +
 tools/Makefile              |   3 +
 tools/fdt_add_pubkey.c      | 130 ++++++++++++++++++++++++++++++++++++
 4 files changed, 142 insertions(+)
 create mode 100644 tools/fdt_add_pubkey.c

-- 
2.25.1



More information about the U-Boot mailing list