[PATCH V5 07/12] tools: Add script for converting public key into device tree include

Jan Kiszka jan.kiszka at siemens.com
Mon Feb 6 11:44:10 CET 2023


On 06.02.23 11:42, Jan Kiszka wrote:
> On 04.02.23 23:23, Simon Glass wrote:
>> Hi Jan,
>>
>> On Fri, 3 Feb 2023 at 23:35, Jan Kiszka <jan.kiszka at siemens.com> wrote:
>>>
>>> On 04.02.23 01:20, Simon Glass wrote:
>>>> Hi Jan,
>>>>
>>>> On Fri, 3 Feb 2023 at 05:29, Jan Kiszka <jan.kiszka at siemens.com> wrote:
>>>>>
>>>>> From: Jan Kiszka <jan.kiszka at siemens.com>
>>>>>
>>>>> Allows to create a public key device tree dtsi for inclusion into U-Boot
>>>>> SPL and proper during first build already. This can be achieved via
>>>>> CONFIG_DEVICE_TREE_INCLUDES.
>>>>>
>>>>> Signed-off-by: Jan Kiszka <jan.kiszka at siemens.com>
>>>>> ---
>>>>>  tools/key2dtsi.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++
>>>>>  1 file changed, 64 insertions(+)
>>>>>  create mode 100755 tools/key2dtsi.py
>>>>
>>>> Please can you build this into Binman instead? We really don't want
>>>> any more of these scripts. Perhaps you can add a new entry type?
>>>>
>>>
>>> I don't think you are requesting something that makes any sense:
>>>
>>> "Binman creates and manipulate *images* for a board from a set of binaries"
>>
>> I mean that Binman can include a public key in the DT, if that it was
>> you are wanting. We don't want to add scripts for creating images and
>> pieces of images.
>>
>> Perhaps I just don't understand the goal here. How would your script be used?
>>
> 
> We feed the generated dtsi into the U-Boot build, using
> CONFIG_DEVICE_TREE_INCLUDES. This ensures that will be signed along with
> the built artifacts. Have a look at patch 9 for the steps, specifically
> the doc update bits. Full bitbake (Isar) integration is available under
> [1], specifically [2] in combination with [3].

Correction: Patch 8
(https://lore.kernel.org/u-boot/cover.1675427201.git.jan.kiszka@siemens.com/T/#m48507dd6db008485b2ebfb0e61ec9b779dfaa2fd).


> 
> Jan
> 
> [1] https://github.com/siemens/meta-iot2050/tree/master/recipes-bsp/u-boot
> [2] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/rules.tmpl
> [3] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg
> 

-- 
Siemens AG, Technology
Competence Center Embedded Linux



More information about the U-Boot mailing list