From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 46077C61DA4 for ; Mon, 6 Feb 2023 10:44:22 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2D05A85B72; Mon, 6 Feb 2023 11:44:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=siemens.com header.i=@siemens.com header.b="U/9MREgW"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A98368008E; Mon, 6 Feb 2023 11:44:18 +0100 (CET) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on0622.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B3C128008E for ; Mon, 6 Feb 2023 11:44:14 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jan.kiszka@siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZpKbJbwnHHVXlOQKqubYvkYhwrSzZa19KoOEf1kkrx4YFUI0qp3G6Q7geoJdyZsJkSOvDE9QR327XwAYg7bqRjlOahtGcEoziFc9JXqjTTJs7QM/rhCROw3anY/Zks5v4mJR688x8e2JPZJtxKkuD+s3lc6qMH0NwkoGJzjyRw8muGjS4JpdxUhq7mUiYH7MICeGPqJRC6WU9a09WCfK4fHl4uo7/oOZY6EldAjFjrOf7k96oHUOlEMWBANvhaN9rhrsHL4JPlATQc8y5tCY5uuhUxT5tWdPnRVOYoqfP5MpThXmVM/Nm3Tig0dTqvAhKojluBVKOf1N6HHp7Oki4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RK/n3zfUqm2yaUcplXiizLIz3rj92VNAqIKP8cA6K64=; b=WtCafmyEh4gmZHy2pSi/sdoNNsDF00wozYZNMl4z/t8431TjAf9LCfi/cQUr995ilV6W8fyetCI1llka9VVnz0XU39TbPE8LkITz20dfu98Y62lbjEBc9GIFXUGQRb0CuJWiiLfAGWMN8zV+RxRJ+a7jU8k/4daF4COYZgWh0jrIYbW51Np9WzUfPzK9xNhoY6Nx1gWjUQv/G36hqiOAlsFnwkwWdbfTMcddB1ya5I3Vcn7rqlG7qT4/1WKIdtj81eYYLYhhQ8d32GZT8asltC9hn+W6KaO7zEACgfNghp9qYxqtPExVIf7xex12tEmNt8Y7eTctL/kZFwuc7b805A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RK/n3zfUqm2yaUcplXiizLIz3rj92VNAqIKP8cA6K64=; b=U/9MREgWZE33LgTfDOQeJuaBZWoY5KBYqrPoHpCRIjoavx0kIvNhoBhfZiezU3mlq29VhqFtorCxT9NoGrLAKMQZNbJnbZ8hqY+vYzWCLhoIYKWRl6uhId9W5Qc0TJLGRPZbLwnIgKmY0d7ymUukT/OkoEGfAGmrhTYdD+EoO9BX1S2DTlJXq+ST6Gn3bTFIpk4wfH+gxwbWhyxeeRDLLNlv9BBchaOulaHh5mQZc/LBGyRpN9TysgvSsJ/jHXKklH+bAh0k+GQlJqJPUCo/yUmFRO5LfPfQ+Pl+rroM3R69XjiBTo2CLs0FFBfAlG0wmFJqXrrn/UOaf2LdiA7Xgg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by AS1PR10MB5745.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:47c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.23; Mon, 6 Feb 2023 10:44:13 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5%8]) with mapi id 15.20.6064.032; Mon, 6 Feb 2023 10:44:13 +0000 Message-ID: <93ab1ac3-4600-5af3-1104-78d030d6bb2b@siemens.com> Date: Mon, 6 Feb 2023 11:44:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: [PATCH V5 07/12] tools: Add script for converting public key into device tree include Content-Language: en-US From: Jan Kiszka To: Simon Glass Cc: U-Boot Mailing List References: <283c57cf87a3b278cb1d0b1253b505aca6952d7d.1675427201.git.jan.kiszka@siemens.com> <836f1c5a-4797-b69f-94e1-e6d63559642f@siemens.com> In-Reply-To: <836f1c5a-4797-b69f-94e1-e6d63559642f@siemens.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR2P281CA0093.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9b::18) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|AS1PR10MB5745:EE_ X-MS-Office365-Filtering-Correlation-Id: de06f88c-f146-44b9-c029-08db082f15fb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jLl3Yq7QhA/I5lo6KA/Q5ZSSBlBwBL8HFvetdbjLd+FYwfjyYvJtxy8fnqWYv81ODNQJ6ZbFVTgjGyWNOfnHjnSqgwD1Y+hxyjbYrw53orVBIamGfoX+oCwop14aFblySRwRhkpJcb/GrDcVW0KgrHTJlZR9KsneK83vPyqBK2Ep+/E4m8ij1U2Lm1vd/Z7/lpNZSU+lNKJNoiDX0neVDlh22KsGeGbVwXNei9uuhLdM1+ccwh8NCIvboJSCLV/I57OSfC79bYvM8U0AUE0dHvsyBbjmdsZkvsTt2QzZcGEVB25cgkpJtiarqehEYoTqrE+xtXerkvx2C3tzo7F175+yZinzuZ7bwIdBj1b61P3t6WdMxJwuijOOw7jT4Q+Xyxvex3amNYfoXRSk8Td5BRhipCY8pZZ1oi3wqZu7xw/tk5/BiI6JT4KH+p7JZqCM1w+LtnG6duxxgdv+X8Iq6uYra9l9IChxy/DPqXJ0YDTBzwWaVDjqvFtF+6A9qvQrEahl3939QBlzn/baXFAQEVIxU/J9HYiA6U+VFzTa+sWtnKWbVA3L3pfLu/eZP29ALx42h7qvrsIKXzYCUpeiydb6GZJ4oR8w7IIcIjeCe9Hhh5TOOFpInrbxP/Q9sgxbRPZfFHHyjBKX0FnOdVBF4tud0bMEKNgAgNrkY9S+EBkm6RaRioIVloPVyiFoG06W1vAfYcc5aSxEHR958nK3xvflbDJE7qJ+QcwD9tBoLDDHyQTNYs5nh6qf/HuC0N11TA6WkfEsZyexMzTjOO9q73AusW7ZuY9MHVQVpyoXuIj568n1atIbNJ3zHcnZihrCxCPUkk81GGeFQrxXNV2VS+sURyr2cUFAArqwIgXeYCs= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230025)(4636009)(396003)(136003)(366004)(346002)(39860400002)(376002)(451199018)(66946007)(31686004)(66476007)(66556008)(4326008)(6916009)(8936002)(8676002)(41300700001)(83380400001)(5660300002)(6506007)(53546011)(2616005)(82960400001)(38100700002)(2906002)(316002)(6512007)(186003)(36756003)(966005)(26005)(31696002)(44832011)(478600001)(86362001)(6486002)(43740500002)(45980500001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?UUVIYjVmNjhNS2ZBTW5Xd04zVnhsL0ZVZXBZSDRRZkJ0QTFieFREcHdWejJQ?= =?utf-8?B?RzNYRmhxbXpkeFNQUWtoMWRxK0dYVHBORGZkbklONmdqU0tZYVVnbHVraHhn?= =?utf-8?B?MkFWcVVyVkRFTWhFTjh0c2JlTU5KZ3A3TEZEeXRwYjJYUXQxSEk5bkpPT2Vp?= =?utf-8?B?c2VpQTUweEQxZnk2VVlrVldULzdZc3VrV05tRTE3TmY0L3ZHeDRSV0w0bUdx?= =?utf-8?B?SGZPNm54K3pLYmd2cWlpZWFhZ3JET1VCbHZwVUt1NGphQzhBMm85Tk15cE8z?= =?utf-8?B?VEJsOXNoUjJkRWtBQU0vMUJjN2JKRHVVSnFlaFhreUFVa2VZRExpM3F1dG10?= =?utf-8?B?YXZvMXVTTTJ0bzM0SnRNcDR2N3hxS0d0aU5iQU9sa0MyVXU0RERPUSt6YkJI?= =?utf-8?B?WGltU0pjN1E4bjltZkI5eEFCSG94YThFL2VVTDBuVVFSWVFHaHpYMlg5dTZN?= =?utf-8?B?TUZnRThQOUxPeDJJQmNQNlRIVlJjd3VnLzJoTU1pSVRGdWwzdzZMYXp3WGtS?= =?utf-8?B?QUgzeHBPVXlxcHVTVEpKazZSZFhiZWlXdDdNV0E2ckZRVktaa0wwQXd4OEZi?= =?utf-8?B?MXJDT2lKNE9pRDMvWnliQUFLK09ITE16dExkbWNNNXpsczNOd3VDYVRNelE1?= =?utf-8?B?eTJGZlRvb0RkQ3VvMTJSaC9qRzl4WVJEMjhjMEt6MFQraWJhOVVkNE5ycnpB?= =?utf-8?B?cXNpbmpWZ2l5S1F0UFJVeEdnMjA4SUFRK3hPVnlmMExOMHppUCtxS3JSTk04?= =?utf-8?B?a1Q3Um1ZZHYrNFBTaUZYNWxqUnZabVZDQ3JqemFnRjVucHBhMHBnQjhWUS9i?= =?utf-8?B?R1Vqc1FQV3FZTnk1TE55RDVLMUs2SytWWTcrYmFGRTJ6b044bWpka0NIcENw?= =?utf-8?B?MHJHNk9zbDVvYjIvRXU4K1VJR212NGdLcGo3QS9OUkFyVlVjUm9maUpFSFNR?= =?utf-8?B?Rkhqa0hOSmlDbU9qcTJLbDJVdkVpU0cvRGZpR3hyRS9ydmE0WXBLWmxoUG82?= =?utf-8?B?UC9zcVh1eHhXV3gwTmd6Tkd5Y3FLN01kMkg0R3hIaUNRUDI4cGxvQ3R6NzBD?= =?utf-8?B?QmxhRW9yQVFxQ3A2OUhHMkl3NEJmMU90blY5QzZ5VlJpQjVBc1UxdDU5elZE?= =?utf-8?B?MTdyMjFkc3A5L3FoSXR3QmQwU0Z5THcxNVJwS3VYb2FPVHVLMVRKbjBBLzF1?= =?utf-8?B?OXhiOEJpTTVQY0JjTGUralRtZW5jM3JHeEFSSHk0Z0VXUjY4cVltOHZOV0Zu?= =?utf-8?B?RG55dXlJeVliUEovNmZBaS9lU0NmUXRVVGxZcXl6Y2VkRDQ3TjZvSW8rNDYx?= =?utf-8?B?ekw2Y1VNN05yL25UeTFFcnRxWFRFMFJvVGpEdHZ0aTl4OG1maVQxenJrTUtj?= =?utf-8?B?YjBuaWVCcXFheVlteVZhYmROYWQ1blQ4ZDBNYU05cHJwUEJGVTR3elBtQUxt?= =?utf-8?B?cmQwNEU1bURMSnhBbUVlU0hyWG1jU0p1dlp3V0tLNmJxMXNJWWdBbG1Ta0c5?= =?utf-8?B?ajMwTTVPanBGWFlZL3FRcWIvR3lXa2xOSEg2NEYxNFhDSmRWMHdzNVA1eVRJ?= =?utf-8?B?aTJ3VEl1S1NpejhJVFRTalNoV2FCVDZEcFBwdDlCK0N3bUlTZlZHRW95bGJk?= =?utf-8?B?eGFWZmxaUzFMQTBuZEpMK1FDVjhCWTZ2a1I1cDRIZUUxYWVRaitpTjJScnZQ?= =?utf-8?B?MVNaN1pGMUpvVitpbFgwbDNuSUdHaGdNSUZHclE0cnFYbGJMdksvbjBsa1Zl?= =?utf-8?B?VXJzSjRtUExLdjJ0aFhZYWRYaXc2Z3J0bUN1SVVYMU8vUEpteHNxRnZ6R3Q2?= =?utf-8?B?akdZTW9oekxlWWNxZjg1bUZGRUN2V2crd2ZneTJIRmoxUk9WR0NoWDhlUzBh?= =?utf-8?B?ZU1WbDdyaVB0bjIvdDYra0NUK1ZHQjhJQy9McTZsLzlTSHFBLyszQTZhdGVx?= =?utf-8?B?dHdqcFpsRWQ0YVdqaVR2OTM0TGVxMkhXK0V4VmNhanpkZFV2ZE1mbmErQy9U?= =?utf-8?B?TnhXYjJDcXlnaGZRYjF3NkZIcklkQ2Q4NDdaejhpV3o3YldNL1NnTE8xN0lX?= =?utf-8?B?SDMzT2RkN29hZkNVeS9aR3FIS3lNcW56N3VhUHQ0a1padXVyZHVyMEc0ZU5H?= =?utf-8?B?Qkg0bFo1UTc4T1JCZjNXQ0E3OEVPczVSTFlkd3NYUWI5M2s3c1RmakFucEV4?= =?utf-8?B?VGc9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: de06f88c-f146-44b9-c029-08db082f15fb X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Feb 2023 10:44:12.9924 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vqZ/eN8RkE1eIX5KDc2tRv6hqA8qyZRij3eOV9tMnpQpTR2wPb3ASyVLQQWGldOLSbT1OopYyJ1bQ1x82cA3bg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR10MB5745 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On 06.02.23 11:42, Jan Kiszka wrote: > On 04.02.23 23:23, Simon Glass wrote: >> Hi Jan, >> >> On Fri, 3 Feb 2023 at 23:35, Jan Kiszka wrote: >>> >>> On 04.02.23 01:20, Simon Glass wrote: >>>> Hi Jan, >>>> >>>> On Fri, 3 Feb 2023 at 05:29, Jan Kiszka wrote: >>>>> >>>>> From: Jan Kiszka >>>>> >>>>> Allows to create a public key device tree dtsi for inclusion into U-Boot >>>>> SPL and proper during first build already. This can be achieved via >>>>> CONFIG_DEVICE_TREE_INCLUDES. >>>>> >>>>> Signed-off-by: Jan Kiszka >>>>> --- >>>>> tools/key2dtsi.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++ >>>>> 1 file changed, 64 insertions(+) >>>>> create mode 100755 tools/key2dtsi.py >>>> >>>> Please can you build this into Binman instead? We really don't want >>>> any more of these scripts. Perhaps you can add a new entry type? >>>> >>> >>> I don't think you are requesting something that makes any sense: >>> >>> "Binman creates and manipulate *images* for a board from a set of binaries" >> >> I mean that Binman can include a public key in the DT, if that it was >> you are wanting. We don't want to add scripts for creating images and >> pieces of images. >> >> Perhaps I just don't understand the goal here. How would your script be used? >> > > We feed the generated dtsi into the U-Boot build, using > CONFIG_DEVICE_TREE_INCLUDES. This ensures that will be signed along with > the built artifacts. Have a look at patch 9 for the steps, specifically > the doc update bits. Full bitbake (Isar) integration is available under > [1], specifically [2] in combination with [3]. Correction: Patch 8 (https://lore.kernel.org/u-boot/cover.1675427201.git.jan.kiszka@siemens.com/T/#m48507dd6db008485b2ebfb0e61ec9b779dfaa2fd). > > Jan > > [1] https://github.com/siemens/meta-iot2050/tree/master/recipes-bsp/u-boot > [2] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/rules.tmpl > [3] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg > -- Siemens AG, Technology Competence Center Embedded Linux