fit signing without access to private key
Simon Glass
sjg at chromium.org
Thu Sep 12 03:01:39 CEST 2024
Hi Mikael,
On Fri, 6 Sept 2024 at 11:06, Mikael Pahmp <mikael.pahmp at gmail.com> wrote:
>
> Hi. We want to sign fitImages but our company policies does not allow
> access to the private signing key from our build machines. Is there a way
> using e.g. mkimage to
>
> 1. Generate the hash of a fitImage configuration section?
> We will then request a signature for the hash from our enterprise PKI.
> 2. Incorporate the signature in the fitImage?
There is not, but it would be a useful feature. Let me know if you
would like some pointers for how to implement this.
Regards,
Simon
>
> BR / Mikael
More information about the U-Boot
mailing list