[PATCH 14/18] board: ti: keys: add .key and .crt for fit signature signing

Manorit Chawdhry m-chawdhry at ti.com
Mon Jul 17 10:20:16 CEST 2023


On 09:32-20230714, Andrew Davis wrote:
> On 7/14/23 12:52 AM, Manorit Chawdhry wrote:
> > Fit signature mechanism through the standards require the presence of
> > .key and .crt in the folder with the same name, since we are using our
> > custMpk only for the signing, update the format to that of standards to
> > be compatible for packaging easily.
> > 
> > Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
> > ---
> >   board/ti/keys/custMpk.crt | 33 ++++++++++++++++++++++++++++++
> >   board/ti/keys/custMpk.key | 51 +++++++++++++++++++++++++++++++++++++++++++++++
> 
> The key file should be the same as board/ti/keys/custMpk.pem, right?
> If so why do we need this new name?
> 
> Also the crt contains information about the person signing the
> images, it should be generated at build time from a template,
> not provided here in binary format. Certs also have an expiration
> data, so this would become invalid at some point.
> 

Yeah, I agree to that, we had to do this initially as there was no other
way of packaging it through Yocto but it is better that we clean all
this up and keep U-boot as it should be and Yocto part be handled
separately. Yocto can generate the cert and the keys as it requires
itself so we don't require this patch anymore and will be dropping it so
that Yocto can clean that when required to integrate this.

> This whole series needs split up, the first half seems like mostly
> reasonable cleanups. But the second half I'm not so sure about and
> depends on the binman patches.
> 

I am thinking of keeping the FIT_SIGNATURE series on hold as I believe
binman is having some changes in that, I can re-roll the other part of
the series later, wasn't expecting a lot of changes in binman so had
posted this also but will wait till it stabilizes.

Manorit

> Andrew
> 
> >   2 files changed, 84 insertions(+)
> > 
> > diff --git a/board/ti/keys/custMpk.crt b/board/ti/keys/custMpk.crt
> > new file mode 100644
> > index 000000000000..01bd64aae577
> > --- /dev/null
> > +++ b/board/ti/keys/custMpk.crt
> > @@ -0,0 +1,33 @@
> > +-----BEGIN CERTIFICATE-----
> > +MIIFwzCCA6sCFHKW0ueol0+vsilVaZyqKhppo9ryMA0GCSqGSIb3DQEBCwUAMIGd
> > +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVFgxDzANBgNVBAcMBkRhbGxhczEnMCUG
> > +A1UECgweVGV4YXMgSW5zdHJ1bWVudHMgSW5jb3Jwb3JhdGVkMRMwEQYDVQQLDApQ
> > +cm9jZXNzb3JzMRMwEQYDVQQDDApUSSBTdXBwb3J0MR0wGwYJKoZIhvcNAQkBFg5z
> > +dXBwb3J0QHRpLmNvbTAeFw0yMzA2MDEwNTIxMTZaFw0zMzA1MjkwNTIxMTZaMIGd
> > +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVFgxDzANBgNVBAcMBkRhbGxhczEnMCUG
> > +A1UECgweVGV4YXMgSW5zdHJ1bWVudHMgSW5jb3Jwb3JhdGVkMRMwEQYDVQQLDApQ
> > +cm9jZXNzb3JzMRMwEQYDVQQDDApUSSBTdXBwb3J0MR0wGwYJKoZIhvcNAQkBFg5z
> > +dXBwb3J0QHRpLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8U
> > +rknYf3LTayPN60gOZdwiTfIOT4L27bXy3dt8kfpuWf/V97beBB2KzNKV2dHgxMH4
> > +UL//SAyRIlCaTHuL85YKKCazpNngqVVBGvs+Wydsv8rAca8vciLuRgElYq0+xwT2
> > +sRi2LMASbg/imz7lpqCoBkUDQRdOFh+pdNaETtZ5pxC4EakOkh8l3X+x8tG58mjY
> > +M1lLgn13zNGc+iO0+1iI8s3q1RbyLHUt+mLDwQlu4AZw4LUHCZli2dbk52xtyIIH
> > +UJP34tjt0V/j0J7Pk1TZX91dzjdg8asUigR7Zae6f99FRXxLoVuuTsaUPYxOh9KU
> > +PKTzn9r88jZ85w2tWkI38SqB0G6hp2cDHoftALtzSmgoMaKCmqMEweiH/0V+qsGf
> > +1DsFx4P9IXH+vX84yRYZUg7mAzONHR7JNhzNTp2CKYjNmyq+bF97srI6eQBqffWt
> > +Gp0ezVgqz170ToCrO0/d+NTeNKLEINlZGS2FAl4faLFMjbkRBuktdrVYjFCoN25m
> > +eG+DMEZNNJ+0GEq5u/p7xa7WMhCEhGw/moAzNfxNvNVuYFRQz35tgJcE+o8LIP29
> > +mCuhN71Z/UrsRaEJixfJchQztwVeEl3iWh3OIVT24erVVaon600J3xlAgi5miRdl
> > +2W6z1jhOjWEW1nTU3hZfURnVQriD0sjeS6lpl7aNAgMBAAEwDQYJKoZIhvcNAQEL
> > +BQADggIBAHy+h1FQKedFTJWgqGJkTwtcym5LyXD6ig8LyhJpVEbXmqK7ZKY2F2hB
> > +PqVbfCZNogszIvl8q3ykz+tcGbfBk3rq+KMUwbk5E29mSMmAJ9DNNozudgKkKq9w
> > +RmcO1bXCEspFgNvNEkYAQCBvMOyH/nCyFu9QzOzN35XIzf0fI3jM6rueLxSXq3xO
> > +7yHUZ3mzAZp6e1Qo6cuABAw1q6KqKYJCnJ3Nq6F42bmGp8mSD+2AuGV8cU+7Z3sh
> > +k/ooFMCsulj1R5+TlKgEfqspQXbefEsvRW3n3ZD8bcQF0ytiX7XVmDMFVpQkTzps
> > +92fjZ08Zcj7bCZQsFXXACIQkMiTiiMW6NwLFZDyq11/B1oe1bhjFUuqqUkHC/PKx
> > +gdWRwluGRt+onFRD5/upXnugKT99j/hQ7sy80a64A1xoCcKVbwcHU7YBQG1vLk6D
> > +idg0vI3gj7v+/jZEPkv/KrqAI6YuvpplkcHkEKuAUFAkozvVJ5pPK3K0xHBJGNMK
> > +kJ9FMAakFj6jfZaR5Ay3ZuOAn5oPMwd6RaauNOzVpBll6DFOyw2rU6fbId/gi841
> > +drmBfM6ufue6ecslkp9zSOpPLXhjt2g9NRVKPE20CmRetVSDLcMFet7ZImbxqggw
> > +yjDxA7oR+Px+o+xr+djcDlfj6500Rys6W1SNHe99HXOCcpQqivX0
> > +-----END CERTIFICATE-----
> > diff --git a/board/ti/keys/custMpk.key b/board/ti/keys/custMpk.key
> > new file mode 100644
> > index 000000000000..adba378c8008
> > --- /dev/null
> > +++ b/board/ti/keys/custMpk.key
> > @@ -0,0 +1,51 @@
> > +-----BEGIN RSA PRIVATE KEY-----
> > +MIIJKQIBAAKCAgEAvxSuSdh/ctNrI83rSA5l3CJN8g5PgvbttfLd23yR+m5Z/9X3
> > +tt4EHYrM0pXZ0eDEwfhQv/9IDJEiUJpMe4vzlgooJrOk2eCpVUEa+z5bJ2y/ysBx
> > +ry9yIu5GASVirT7HBPaxGLYswBJuD+KbPuWmoKgGRQNBF04WH6l01oRO1nmnELgR
> > +qQ6SHyXdf7Hy0bnyaNgzWUuCfXfM0Zz6I7T7WIjyzerVFvIsdS36YsPBCW7gBnDg
> > +tQcJmWLZ1uTnbG3IggdQk/fi2O3RX+PQns+TVNlf3V3ON2DxqxSKBHtlp7p/30VF
> > +fEuhW65OxpQ9jE6H0pQ8pPOf2vzyNnznDa1aQjfxKoHQbqGnZwMeh+0Au3NKaCgx
> > +ooKaowTB6If/RX6qwZ/UOwXHg/0hcf69fzjJFhlSDuYDM40dHsk2HM1OnYIpiM2b
> > +Kr5sX3uysjp5AGp99a0anR7NWCrPXvROgKs7T9341N40osQg2VkZLYUCXh9osUyN
> > +uREG6S12tViMUKg3bmZ4b4MwRk00n7QYSrm7+nvFrtYyEISEbD+agDM1/E281W5g
> > +VFDPfm2AlwT6jwsg/b2YK6E3vVn9SuxFoQmLF8lyFDO3BV4SXeJaHc4hVPbh6tVV
> > +qifrTQnfGUCCLmaJF2XZbrPWOE6NYRbWdNTeFl9RGdVCuIPSyN5LqWmXto0CAwEA
> > +AQKCAgAzkAwcJ0z1GnId/lJQZno8NhGckRoJuEKbR8dwlCP8VUz6Ca5H7Y9kvXDa
> > +Hs/hn+rYgP6hYOz7XyrIX2rmJ/T6dxEwqGeC1+o59FConcIRWHpE5zuGT6JYJL5F
> > +TuZa48bm4v8VMQvQZOjIZpkIFwao8c6HTwKAnHTB5IN/48I2hCt+Cn3RhfoOZ7Rm
> > +4gkpaSkt+7GXlhXHb82YfujNO+hbktEamhUYlQ9EK70Wa8aqmf3gHxO0JgsEFjW8
> > +lJaSnultlTW8SDcx3LMUUjCYumECk4oX/VlJfmKYjPlVjkr3QQ+Cm3nNucb4K4hc
> > +c+JL+2ERhSj8RjXL7VgbNgdPnIjvQDJuTNqecTU8xWPYrkOLQpNibbLjnutLkhJz
> > +fMyRtmDtrsey8WiCDuCHkPJ8/f8RjL2zWI9fzTDDIzdlEKouUFGOovaHVnbua6pn
> > +hymcu9d9FV3p2rcbj0ivCs7e8j+vhSxFJEJoAbcQdXCTi/n2uR7pLtoMNiUzsejy
> > +d46Uz+KEU920NTwE2z6JJq8I2vegnxjc7PDDrV3/5rK04B93aXiqvwWseCpxelrI
> > +xaMkRHbXrIXRO6MXQ3N+zNq8Dg3hjGTTvaBKuwgvqLwlXY8+Aa3ooFzEOInIOSsI
> > +XcWqXxt/tgZgsj9RwpC42t8kbA+BkbNk9EIUa+P5kEr2P/fO7QKCAQEA4EtArnOX
> > +D6tQF8uTw8USOZC2P9s/ez1z4jRq3oKP0Kv4tJiuIObJ/dUvGVD7aM5v2xaCfhm8
> > +xpk09VPUgghfG5jR5qVvQr75kCNToJQudWi4ngk1HwKJzzTO11giFEdybvTUA+Pj
> > +fmxCM0dYYqRWZoj0hLqXlUCwxE74BFIhJVjeYbf+nTQrqpllTLoW7MTZHzGx5SXx
> > +4dNzyVAUH49Yt2D8mgXXCkf5sGLh762wj34b/rR10Kr4O5utGMZrfTRIbuQ1pNjU
> > +m66baPzq+mC0BzqZEW70TgEb7lOr8rcVXLOi3r36omfd9/MHx7iZD6o3K1axSO15
> > +grD4ZrN7Ac3QJwKCAQEA2heCoBdpvy6YUk8AO2k8qDygTdmPQRuwjjT+Z2fMslBt
> > +D7DkpKwZ6Bl9OclcpiiLHmH+hv65KqYg+tR0RRb7PcogB9El9x7yKkGTPZEYWGky
> > +n8P84rJpKwjnwWQvPQktI1cs3YGvZA9DQTFBavRrwuzgd1oSJq5aPQ2tme0kMvWp
> > +l1/B/cPK+PKCi/Wfisaze1TjijP9qIeUwkdNN6WLrLU3QgsGppcg2I7RQtAIikT6
> > +GkuiOQAvWMsrJVV6PNrVKz4fJDJ59Rz6jbDHZNi1MEYNxQoB/Pl7QIakbfjWpHLv
> > +8Ey7cB2JKxjQy8tmyl8WNQVbXbE6daPXcMTUmaRAKwKCAQBv1lYMJmq+T2eCVen6
> > +BbvOpE+bi5EdvEiaFBTtmiBnpjg+pJq+oRU60h/H+c9CNR0lGxY6Fk9An4f+g6xE
> > +ojP6KLsQzJCrsVny+wpp2TlJJcxYULMCIVvhy60PR0zG29E9biqBPhJjKUvhEcQK
> > +e3LxcXyq6fdHXphFajLUxLbuTl+kTgBRFoBnclFGbsubh5PTsA3J+p+fQLZNPPar
> > +veg4l82cZykQYU8pGkUaI3sUMYd3+zd7sqRP5JHs9pMGPRmY4YW2CsAIWIn5UZNB
> > +ARMDP76vKKn8cyUgMuxb+9pU/OVLN2NPs4bEaZQJjAwV+YPEwldny7F47xEM9JVz
> > +EtKlAoIBAQDUt62u3GdGE/p5/ZgqWoDRTyDEDfmN9aYFbmbdEP80xQE7FrxMaZhz
> > +K7laja6SWmUm40nQ/c45bQQp4uLtKHcxU15egX7YRBTLZl5o5IasZR79ebnEm2O8
> > +l9kEZeU1USf3mmWmP4GExOZCRfqaiYA6BbUCdJXTqKdXeWnkAssV8UrS3JFoJHpq
> > +yo7OWGqefyQ8nRW6jO9SW7uaqtUD+7H6aF5XSk3YWvusfdBZrHNH+fM/hpnZovaL
> > +Us7ogTDS/laA8PyK37jYfMVdQhmZoU1Iomt3zkUWK3gt/aWPpfAlQf4Jka4YspZB
> > +tNiijefaZ1hPqsPs5Joyd/YAhdsfaHc1AoIBAQCn/9j6RRjRaw0ip756oad4AXHz
> > +XBwVB2CrY96qT6Hj9Sq7tGgdskqGkOQkAivBLBizUdcWv0t1yenOsSgasQeMlvlh
> > +B8md9cLvpKXPB3HM3rTDH/xNXe0TpVKLf7SXC8HfDyIweHwMW3QgO2DWrvI4BV/T
> > +ckBatRNQ90HxkqGFhC/Mp529lQlyg3ifxPxJsvZOyPMUnrflAvsKQk5c2ZiQg3nZ
> > +h7I2pjSYgCl+Ib52l8p9bf1kcrVGgPM+auzm496i0RPobFeDBoBvSoznJktHJ7+3
> > +NnZH+jLiZCODiQPGtQUi+T6eIZUIJF0YASpsCCtUzXCxwW3lYIDNy7UlMivF
> > +-----END RSA PRIVATE KEY-----
> > 


More information about the U-Boot mailing list