All of lore.kernel.org
 help / color / mirror / Atom feed
* [U-Boot] FitImage add pubkey signature in DTS
@ 2018-05-03  8:32 Clément Péron
  2018-05-03 17:39 ` Larry.Gass at microchip.com
  0 siblings, 1 reply; 2+ messages in thread
From: Clément Péron @ 2018-05-03  8:32 UTC (permalink / raw)
  To: u-boot

Hi,

I'm looking to add the public key for the FitImage signature in my dts.

Do you know if there is a script to add the pubkey in the .dts and not in
the .dtb ?

Actually I "decompile" the .dtb to get those values, but maybe there is an
easier way.

Looking to generate something like this from the RSA keys :
         signature {
                 key-product-dev {
                         required = "conf";
                         algo = "sha1,rsa2048";
                         rsa,r-squared = <0x68b44337 0x916dcfda 0x.....>
                         rsa,modulus = <0xb7929d33 0x34df0e32 0x......>
                         rsa,exponent = <0x0 0x10001>;
                         rsa,n0-inverse = <0x29.....>;
                         rsa,num-bits = <0x800>;
                         key-name-hint = "product-dev";
                 };
         };

Thanks,
Clement

^ permalink raw reply	[flat|nested] 2+ messages in thread
* [U-Boot] FitImage add pubkey signature in DTS
  2018-05-03  8:32 [U-Boot] FitImage add pubkey signature in DTS Clément Péron
@ 2018-05-03 17:39 ` Larry.Gass at microchip.com
  0 siblings, 0 replies; 2+ messages in thread
From: Larry.Gass at microchip.com @ 2018-05-03 17:39 UTC (permalink / raw)
  To: u-boot

On Thu, May 3, 2018 at 1:33 AM, Clément Péron <peron.clem@gmail.com> wrote:
> Subject: [U-Boot] FitImage add pubkey signature in DTS
> 
> Hi,
> 
> I'm looking to add the public key for the FitImage signature in my dts.
> 
> Do you know if there is a script to add the pubkey in the .dts and not in the
> .dtb ?
> 
> Actually I "decompile" the .dtb to get those values, but maybe there is an
> easier way.

Did the same thing. Started with a file pubkey.dts that was "empty":

	/dtc-v1/;
	/ {
	};

Compiled it:
	$ dtc -O dtb pubkey.dts > pubkey.dtb

Created the FIT image:
	$ output/build/uboot-2018.03/tools/mkimage -f linux.its -k keys -r -K pubkey.dtb

De-Compiled it:
	$ dtc -I dtb pubkey.dtb > pubkey.dts

Manually merged pubkey.dts with my "real" device tree (in arch/arm/dts/) . This step is important because it is WAY too easy to lose the signature from the .dtb if you "make clean" or touch your device tree source in any way.

I also would like to see this made easier in some way if it does not already exist.

> 
> Looking to generate something like this from the RSA keys :
>          signature {
>                  key-product-dev {
>                          required = "conf";
>                          algo = "sha1,rsa2048";
>                          rsa,r-squared = <0x68b44337 0x916dcfda 0x.....>
>                          rsa,modulus = <0xb7929d33 0x34df0e32 0x......>
>                          rsa,exponent = <0x0 0x10001>;
>                          rsa,n0-inverse = <0x29.....>;
>                          rsa,num-bits = <0x800>;
>                          key-name-hint = "product-dev";
>                  };
>          };
> 
> Thanks,
> Clement
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot

Regards,
Larry

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-05-03 17:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-03  8:32 [U-Boot] FitImage add pubkey signature in DTS Clément Péron
2018-05-03 17:39 ` Larry.Gass at microchip.com

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.