On Fri, Nov 10, 2017 at 07:58:28AM -0200, Fabio Utzig wrote:
I don't think forcing users to change existing key formats would be a
good idea. I would suggest leaving compatibility in place for the
moment. When MCUboot changed the image format for 1.0 a new flag was
added to "new create-image"
Please consider:
In open source development there is always a conflict between discipline
and convenience, as well as between standardization and innovation. Over
the last few decades I laid my eyes on millions of lines of code that were
littered with #ifdef and nested #ifdef statements and
I don't think forcing users to change existing key formats would be a
good idea. I would suggest leaving compatibility in place for the
moment. When MCUboot changed the image format for 1.0 a new flag was
added to "new create-image" command, "-2", to write in the new format.
Maybe if a user
My vote is to affect the change ASAP. I don't know how painful it would be
for other developers; however, carrying legacy implementations forward only
increases the window of security vulnerability. Best to do this now, before
the volume of applications exacerbates the situation.
Thanks.
--Dr.
In my work on https://runtimeco.atlassian.net/browse/MCUB-87 I will be
adding support for password protected private key files to MCUboot's
image signing tool. I would also like to add this support to `newt`
as well.
In order to support this protection, I will likely be moving from the
current