Binman signing

Simon Glass sjg at chromium.org
Wed Apr 26 23:29:02 CEST 2023


Hi Andy,

On Wed, 26 Apr 2023 at 12:49, Andy Pandy <andypandy123g at gmail.com> wrote:
>
> Hi there,
>
> First of all,  I would like to thank you for the tool, I like it a lot.

Great!

>
> I've been trying to sign uboot by placing signature section into configurations section. Something like:
>
> {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> sign-images = "fdt", "loadables";
> }
>
> But I can't find how to sign the second stage uboot, and integrate the public key into uboot spl device tree with binman.
> Prior to binman I used mkimage to do that, as follows:
>
> mkimage -f uboot.its -K u-boot.dtb -k ./keys -r image.fit
>
> Could not find it in the documentation,  I only saw pre-load, but I am not sure that this is what I am looking for.
>
> Would appreciate if you could give some hint on how this could be done.
>
> Thank you for your help

+Ivan Mikhaylov

I believe that 'binman sign' does this:

https://u-boot.readthedocs.io/en/latest/develop/package/binman.html#signing-fit-container-with-private-key-in-an-image

Regards,
Simon


More information about the U-Boot mailing list