From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9638EC636CD for ; Tue, 7 Feb 2023 05:47:31 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 41CB585D0E; Tue, 7 Feb 2023 06:47:29 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=siemens.com header.i=@siemens.com header.b="v6oQNMml"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 031F785C27; Tue, 7 Feb 2023 06:47:28 +0100 (CET) Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on20626.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe13::626]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E33D285C27 for ; Tue, 7 Feb 2023 06:47:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jan.kiszka@siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bZpwc1J4NCj5SniDj4B0Zs26N8CvZbyT6zBvPnNpf2Gh6uS17BoD9YxIUa/E6AI2epbBErGij5sXeAaTpjWxVLu3/sL3vYA/4NVMF3qeuk2uKpaW8eRTUBqYVJD4ox9jsmOQTsv9Nt7jtk+kojJ+Karb2UgTmzrLhvHszQIiqMI+sEOmtTz0IfEp9Towvmr8xw56ami9fgQVeS/k9BlOjPs7Rb8hi6n34NdYiimdnp//yXJVSyK5CzKrIT8ZOnZgIINSbzBouGjh0Pe8L2zWePcDzkrjikkEm7SyWC5jIe8W+vCh0EYLBQW/BiwLYzwipCLoZgIu2qWESbJcgTf4Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JxmMwCOp55l/uceheuCwLGvKnIxcMxYx5ZjxL4yv2iY=; b=hr+ccMEgoQ7PY3bUV5tWl/rZXlB5yTeqYdASvkUcV5M53BUEt9woOYyVed5qz30y62dC8WDrnT9b19QCi+KbzNRD/sb6P7FV4dgnk5FRQi2KpvH43THQgNYo6tLHBY0JuuM7qGxk/MoLcwCT28rj2qiLwE9JHYDG0bASUGZiYpc/0zZtaWaJD2dYHeOCOJuH51HVTxU2/jB0eeDpiIXp3hgUIGEr5q+xel0KC3raDYMDgtR/w1cOWsb1ZP4HFxTNENJmB0QpcKj8qrImKRQi7s1RM7RcVe3JRPomWynM5HAKFLitInunEXMaOM2DAVGU2jDn5iI7fjf5kadH3W3Rqw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JxmMwCOp55l/uceheuCwLGvKnIxcMxYx5ZjxL4yv2iY=; b=v6oQNMmlYKF9blCDbOYxJcw7bu3uf8WbuzDdf+gjaqcG6nEg75lxVjyeyInCMjTgyJ3jt2W9P+/WrSfqoibmRx5Ndv9NBM2OyVM26FG9+WSg4jxhjXxn0OnkI+a4flgvLzZ8TNXtJFh47NRQ9eswGweFIAGPsa4NzmyAFha4r3svizIzisAmxB3CPX0nABzW5XW3DLrFcKF8lwgziIgU4qKLyKfVEAD1qCCAz4MyfwDbtKoy9XmEcNDxVSbQ7ZlGBVgqym8EAL+eGkZArfXmwQBq38FPOeZps/BLRo8clG4Idgi3GiAGTiypSuBZwvUroDwc3siI1GvFNtD2/B4obQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by DB8PR10MB3765.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:168::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.36; Tue, 7 Feb 2023 05:47:23 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5%7]) with mapi id 15.20.6064.035; Tue, 7 Feb 2023 05:47:23 +0000 Message-ID: <3303bec0-2a4e-9776-d5cc-42bf718792ad@siemens.com> Date: Tue, 7 Feb 2023 06:47:20 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: [PATCH V5 07/12] tools: Add script for converting public key into device tree include Content-Language: en-US To: Simon Glass Cc: U-Boot Mailing List References: <283c57cf87a3b278cb1d0b1253b505aca6952d7d.1675427201.git.jan.kiszka@siemens.com> <836f1c5a-4797-b69f-94e1-e6d63559642f@siemens.com> From: Jan Kiszka In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR3P281CA0183.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a4::11) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|DB8PR10MB3765:EE_ X-MS-Office365-Filtering-Correlation-Id: 482ad372-2a9d-4434-7279-08db08cec932 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6VeAKYCqjbqVn/6hsXaeKt6c/qVX0RvxbjdZz5n7qk/c5m3jaGCpzGIpWj+VIqsmRGI4aZj//kYFwBQuxUgh2i5eutnBCunRJg7DmViXHpQf67XgvnJxZAoYHlcYgVwDNu0bzt20TorJGc+Kd4uC/RJldpNLoWhSjOPcB6FJ0wUPL1ikrL2o7l8RqpNv74FTnwOjxeyMucObhKsEzy2HPJcm0/B/hlRZwXwhqmacGqWpLPtF9CAEY2aCE0kOnDobuKLZl0ZUR82KHHkPbmGfZMRgw1NIjuVsU4r+FhoQv1T2b7cFN8JN6cj8EeGVmC/6xWDDrYLBW+JeGw75uSk6ujIEHskChHGKKalWf6+G8fUankXEfnXndYdNSTdpFR4f/DkQfX3gOtNkRG1AZLosLsgg8HJAf+xcUwq/xyBPDcb97m4ipyQpzCTqCeIwk1jJMMjPIC29gnvfIFUomR2hoRV4JjyGviBDpJqA6Zi4/IfDLXeCADZ1V9W5v7RV+SYvdSYqVAxO4qsRLtqWA8/uRGFZhnUH1JcwRjNDLhxCB0gRJverr1x3vZOp06T/9glX6hWdAWAEDJp0xRD02qFl+XtT4P0hucR7RKIo8Gnr8MY+QxFOyDfDDXGZWtPxaM3vM5YGLyB3iDrjw1WkOA3JAfcYdb+EVJFdhnxOGnX0czsg+bw3mtUqwLLmJmkvmkN169oX19G4ZGZda4c1nvNdZ70MX0dSJPHkePekP4RIrQNQPaSaNAy6tSC06pxyI+KvuI0UmpJdI39vl34wPAZb3hgP1/6AWgf9KNTuh93m7ayeM26177tm+82VPxmXjrZ9 X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230025)(4636009)(39860400002)(136003)(346002)(396003)(366004)(376002)(451199018)(5660300002)(86362001)(8936002)(41300700001)(186003)(2616005)(36756003)(966005)(6486002)(478600001)(316002)(6506007)(6512007)(26005)(53546011)(8676002)(66556008)(6916009)(66476007)(83380400001)(66946007)(4326008)(38100700002)(2906002)(31686004)(31696002)(44832011)(82960400001)(43740500002)(45980500001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WDVDL1NxdWRrKzZHTUd4NXBvN0NMSXY1QUxyREVFTXpzTGJzMGRqbGxvMnA3?= =?utf-8?B?QjAzaUExb1hlUmczL3ZTQ0g0UFFkNlBtWFYxekRFS00ycTdXS0tTNHc1aTRN?= =?utf-8?B?YkZMRFVESFM0dmRRSE9OQ2Y4cEdibUVoNENvWWt2eFZBYVBvcC9MSlhXSTdj?= =?utf-8?B?MDdraDMwOXRjOHphMjJGaUlLRHVGeVRha2RNcE9tYzRRd0k5Ykh2ditUaFQ0?= =?utf-8?B?UmdiZ01TekxHS1NPeTBTbmxCbnJZeGhZNzlJMnRnTjNoYWNsNWI3VnUxVEZ2?= =?utf-8?B?d0k0OTZvN1lmY3NhQ1JjYW0xb0lQa2ROdlJ2S1NKS0VDNmd5SW8xaFNrS0lo?= =?utf-8?B?R1Y5cWRma1l5bTU1M1BqUXJ3MmRsbWNtVmpmSG42bGF1Z3RPeFVmanB5MzBa?= =?utf-8?B?RVl3Z2ZFUU9XeG5UemRzb3RSOTZVLzljWWZxWW00UnBVbTFRbGo5V0pYYTh1?= =?utf-8?B?T01LTFNhQ2NSQUcybTd0cXF2anZUQTRXQ3o2OGNqSEVibjU4T05LL2NYVzRD?= =?utf-8?B?T1doWjlxRk1RdmZEZHF4RmVjUWM3QWhxVE0yN1dTMnljcWlmMHJxMzErVnRB?= =?utf-8?B?dWRxR093dlVtVFFUUStVaVZkQ0JQQVFLcWQyV1k3TTJoMXpWTnBTVUpVQ1dr?= =?utf-8?B?dGdWc3FpUUlUbnk2ZStXODhjU1VYcjd6STlGWWMydDlvZFhtcDJMQm84QXBQ?= =?utf-8?B?THVMOHlRSDJoY2dOTkdWVS9WVStiRXlnbmNoazhaaFIvemhKUDN0S2RxbDJ1?= =?utf-8?B?czVEMGtuMlpMTUdqUWNHT2pTYTFETjQzbk5WTmFQMXZiWmRrMlNiWE1XRm94?= =?utf-8?B?cHVqQ0lJckFGVXI4aHJ5NXl4emVqS3gxcUp4aXBYRy9UdjN1UWxGK2pGM1Fx?= =?utf-8?B?dkRodXpUR3VaeEFlYlpMM2JFOVhoQ1AwN0w4eElJbEZvMUY4Z21LcVFtQjlY?= =?utf-8?B?aHAxeEpEZ0VYU2VwYkVpSmIzeU5QVDUvMXFsRlNWcVZTQkZTSS9ZUjNEUndE?= =?utf-8?B?YjJqME80ajRCME9YM25pRDFGNUJnTkRScGtaZTl3ekttNUlqV1FYam9nTEtx?= =?utf-8?B?WEdhc1BpNUdiOVJjUHBhMERyRGovUGJlbG9nMjI4R2N6MEZ4WlRUZFk0dGdl?= =?utf-8?B?TTd3U0dkRkVWYkZTQWhZT3hOR1hRSVlhemM2ZlhxM29mblBlRlFnU2J2KzE4?= =?utf-8?B?dmZkeUw5WWVUWnkxMk01eUlja0wzSEMwTU5WeStIRldvL1RXSzZzUU9pMXV5?= =?utf-8?B?QVJZcnZlbGExajBuL1l3ZGswdGZBOWNCMUxyckNyUUZjYkRmRlJtaXBRQjB2?= =?utf-8?B?UERkTUFyUzdNanVEM2VJS2x3QnQrbUovaHBmWnBoRWc4UEdZY2tVcGQvTGtE?= =?utf-8?B?Q1gwRHFkZW5sdmdLSTVxU1k1QU03eVEzaEVlcHFpczhqbWs0aXhCQmExQkdZ?= =?utf-8?B?b1JQWGR1NTVSTW4veWQrSDBBVUVLRERjejZuUkJNNXNFTUJtcFNZODladGxX?= =?utf-8?B?aHlUK3JxN0FKUU1IREJldzBVaWl1emZsWTg0SU5DSEtRWm1CN2hYUVg1Slhp?= =?utf-8?B?aVVjTXE3QlFmcDVub2tEMTNmSHlrOWtocHhobm03QmJsYTg2SytuWHpLb200?= =?utf-8?B?TExlY1hjdFdpNlNzTnBDbGxqelR1YVVwOGVWTmFlbjBhZzFOdDJWZVIvTmdm?= =?utf-8?B?aTJZNCsvYjEzV2F2bzVvWlFCTm53dDMxTG1rSHAzdU8rNjlLak1RZzgyYVRn?= =?utf-8?B?ejBSL0RiSmFGQWJieHV6RmFYakovWlA1NVJJQkZ2TkJNcmQxazlsVVA3bS8w?= =?utf-8?B?a0xXYUQ1bTNSUUQ0S0RLNk1mT1hNNGZkdTRaTzd4U2RUTHg3eGF4YkYwZ1k2?= =?utf-8?B?MDNMRjk2eThlYm84N2MyMzNWR0MzOFdSSjBtQ0MvbFZNRVRtVWcxNG1JYlNs?= =?utf-8?B?MXYrMUczMVFzV0FQTlFDSSswdkczbHEvcWxLYnlIRkxSbGtyekdKY01DNk1M?= =?utf-8?B?R2IxTFVDVDFpQStjeHRNU3NvMUpGOHRsTkpCV2NwVUJpczZKNGRaWmpHZFhn?= =?utf-8?B?QmVVUHBPcFJ4MDhhWGR4eTJFT1JXQUt5aGVMMWUxZU9zQThVR2lLU2RraUF2?= =?utf-8?B?MGZib21CK0kzdWkvSGg3WndscnV6MlBEM2ZxdmE0blg0c3RMUkdVUWJPL2sy?= =?utf-8?B?enc9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 482ad372-2a9d-4434-7279-08db08cec932 X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Feb 2023 05:47:23.5960 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7IdN3Z0J4PWQ5qYP98bRDCbtU7CtzdObRw6TF3KBzPcgTvDWADEVrRceDBtDawGBS+960zgtw7yylWVqLe++ZQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR10MB3765 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On 07.02.23 05:02, Simon Glass wrote: > Hi Jan, > > On Mon, 6 Feb 2023 at 03:42, Jan Kiszka wrote: >> >> On 04.02.23 23:23, Simon Glass wrote: >>> Hi Jan, >>> >>> On Fri, 3 Feb 2023 at 23:35, Jan Kiszka wrote: >>>> >>>> On 04.02.23 01:20, Simon Glass wrote: >>>>> Hi Jan, >>>>> >>>>> On Fri, 3 Feb 2023 at 05:29, Jan Kiszka wrote: >>>>>> >>>>>> From: Jan Kiszka >>>>>> >>>>>> Allows to create a public key device tree dtsi for inclusion into U-Boot >>>>>> SPL and proper during first build already. This can be achieved via >>>>>> CONFIG_DEVICE_TREE_INCLUDES. >>>>>> >>>>>> Signed-off-by: Jan Kiszka >>>>>> --- >>>>>> tools/key2dtsi.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++ >>>>>> 1 file changed, 64 insertions(+) >>>>>> create mode 100755 tools/key2dtsi.py >>>>> >>>>> Please can you build this into Binman instead? We really don't want >>>>> any more of these scripts. Perhaps you can add a new entry type? >>>>> >>>> >>>> I don't think you are requesting something that makes any sense: >>>> >>>> "Binman creates and manipulate *images* for a board from a set of binaries" >>> >>> I mean that Binman can include a public key in the DT, if that it was >>> you are wanting. We don't want to add scripts for creating images and >>> pieces of images. >>> >>> Perhaps I just don't understand the goal here. How would your script be used? >>> >> >> We feed the generated dtsi into the U-Boot build, using >> CONFIG_DEVICE_TREE_INCLUDES. This ensures that will be signed along with >> the built artifacts. Have a look at patch 9 for the steps, specifically >> the doc update bits. Full bitbake (Isar) integration is available under >> [1], specifically [2] in combination with [3]. >> > > OK, so is Binman run in this case? > It's run at the end of the build, to assemble the unsigned flash.bin. And it should have been used also for signing that image (patch 8, see the other discussion). Jan >> Jan >> >> [1] https://github.com/siemens/meta-iot2050/tree/master/recipes-bsp/u-boot >> [2] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/rules.tmpl >> [3] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg >> >> -- >> Siemens AG, Technology >> Competence Center Embedded Linux >> > > Regards, > Simon -- Siemens AG, Technology Competence Center Embedded Linux