* [U-Boot] FitImage add pubkey signature in DTS
@ 2018-05-03 8:32 Clément Péron
2018-05-03 17:39 ` Larry.Gass at microchip.com
0 siblings, 1 reply; 2+ messages in thread
From: Clément Péron @ 2018-05-03 8:32 UTC (permalink / raw)
To: u-boot
Hi,
I'm looking to add the public key for the FitImage signature in my dts.
Do you know if there is a script to add the pubkey in the .dts and not in
the .dtb ?
Actually I "decompile" the .dtb to get those values, but maybe there is an
easier way.
Looking to generate something like this from the RSA keys :
signature {
key-product-dev {
required = "conf";
algo = "sha1,rsa2048";
rsa,r-squared = <0x68b44337 0x916dcfda 0x.....>
rsa,modulus = <0xb7929d33 0x34df0e32 0x......>
rsa,exponent = <0x0 0x10001>;
rsa,n0-inverse = <0x29.....>;
rsa,num-bits = <0x800>;
key-name-hint = "product-dev";
};
};
Thanks,
Clement
^ permalink raw reply [flat|nested] 2+ messages in thread
* [U-Boot] FitImage add pubkey signature in DTS
2018-05-03 8:32 [U-Boot] FitImage add pubkey signature in DTS Clément Péron
@ 2018-05-03 17:39 ` Larry.Gass at microchip.com
0 siblings, 0 replies; 2+ messages in thread
From: Larry.Gass at microchip.com @ 2018-05-03 17:39 UTC (permalink / raw)
To: u-boot
On Thu, May 3, 2018 at 1:33 AM, Clément Péron <peron.clem@gmail.com> wrote:
> Subject: [U-Boot] FitImage add pubkey signature in DTS
>
> Hi,
>
> I'm looking to add the public key for the FitImage signature in my dts.
>
> Do you know if there is a script to add the pubkey in the .dts and not in the
> .dtb ?
>
> Actually I "decompile" the .dtb to get those values, but maybe there is an
> easier way.
Did the same thing. Started with a file pubkey.dts that was "empty":
/dtc-v1/;
/ {
};
Compiled it:
$ dtc -O dtb pubkey.dts > pubkey.dtb
Created the FIT image:
$ output/build/uboot-2018.03/tools/mkimage -f linux.its -k keys -r -K pubkey.dtb
De-Compiled it:
$ dtc -I dtb pubkey.dtb > pubkey.dts
Manually merged pubkey.dts with my "real" device tree (in arch/arm/dts/) . This step is important because it is WAY too easy to lose the signature from the .dtb if you "make clean" or touch your device tree source in any way.
I also would like to see this made easier in some way if it does not already exist.
>
> Looking to generate something like this from the RSA keys :
> signature {
> key-product-dev {
> required = "conf";
> algo = "sha1,rsa2048";
> rsa,r-squared = <0x68b44337 0x916dcfda 0x.....>
> rsa,modulus = <0xb7929d33 0x34df0e32 0x......>
> rsa,exponent = <0x0 0x10001>;
> rsa,n0-inverse = <0x29.....>;
> rsa,num-bits = <0x800>;
> key-name-hint = "product-dev";
> };
> };
>
> Thanks,
> Clement
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot
Regards,
Larry
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-05-03 17:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-03 8:32 [U-Boot] FitImage add pubkey signature in DTS Clément Péron
2018-05-03 17:39 ` Larry.Gass at microchip.com
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.