On Thu, May 3, 2018 at 1:33 AM, Clément Péron <peron.c...@gmail.com> wrote: > Subject: [U-Boot] FitImage add pubkey signature in DTS > > Hi, > > I'm looking to add the public key for the FitImage signature in my dts. > > Do you know if there is a script to add the pubkey in the .dts and not in the > .dtb ? > > Actually I "decompile" the .dtb to get those values, but maybe there is an > easier way.
Did the same thing. Started with a file pubkey.dts that was "empty": /dtc-v1/; / { }; Compiled it: $ dtc -O dtb pubkey.dts > pubkey.dtb Created the FIT image: $ output/build/uboot-2018.03/tools/mkimage -f linux.its -k keys -r -K pubkey.dtb De-Compiled it: $ dtc -I dtb pubkey.dtb > pubkey.dts Manually merged pubkey.dts with my "real" device tree (in arch/arm/dts/) . This step is important because it is WAY too easy to lose the signature from the .dtb if you "make clean" or touch your device tree source in any way. I also would like to see this made easier in some way if it does not already exist. > > Looking to generate something like this from the RSA keys : > signature { > key-product-dev { > required = "conf"; > algo = "sha1,rsa2048"; > rsa,r-squared = <0x68b44337 0x916dcfda 0x.....> > rsa,modulus = <0xb7929d33 0x34df0e32 0x......> > rsa,exponent = <0x0 0x10001>; > rsa,n0-inverse = <0x29.....>; > rsa,num-bits = <0x800>; > key-name-hint = "product-dev"; > }; > }; > > Thanks, > Clement > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot Regards, Larry _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot