Re: [RFC PATCH v3 7/8] mkimage: add public key for image pre-load stage

From: Philippe REYNES <philippe.reynes@softathome.com>
To: Simon Glass <sjg@chromium.org>
Cc: mr.nuke.me@gmail.com, joel.peshkin@broadcom.com, u-boot@lists.denx.de
Subject: Re: [RFC PATCH v3 7/8] mkimage: add public key for image pre-load stage
Date: Fri, 3 Dec 2021 11:29:43 +0100	[thread overview]
Message-ID: <8425097c-7b3b-2d77-eff1-90e4706b0617@softathome.com> (raw)
In-Reply-To: <CAPnjgZ3gn-rsbg-fTXCWRsyanKFo008CYwG=e9O5Ux=tyO-_yw@mail.gmail.com>

Hi Simon,

Le 25/11/2021 à 01:13, Simon Glass a écrit :
> Hi Philippe,
>
> On Wed, 17 Nov 2021 at 10:52, Philippe Reynes
> <philippe.reynes@softathome.com> wrote:
>> This commit enhances mkimage to update the node
>> /image/pre-load/sig with the public key.
>>
>> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
>> ---
>>   include/image.h    |  15 ++++++
>>   tools/fit_image.c  |   3 ++
>>   tools/image-host.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
>>   3 files changed, 134 insertions(+)
> I'm a bit unsure about the format of the key here. Is it different
> from the normal one used by U-Boot?
The format used by pkey is the der format without the first 24 bytes.
For example, to create this key in a shell, I use the following commands :

openssl rsa -in private.pem -pubout -outform der -out public.der
dd if=public.der of=public.raw bs=24 skip=1

As described in the comment line 340 in the file test/lib/asn1.c.

> Regards,
> Simon
Regards,
Philippe

-- This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome’s ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender.