Hi Andy, On Wed, 26 Apr 2023 at 12:49, Andy Pandy <andypandy1...@gmail.com> wrote: > > Hi there, > > First of all, I would like to thank you for the tool, I like it a lot.
Great! > > I've been trying to sign uboot by placing signature section into > configurations section. Something like: > > { > algo = "sha256,rsa2048"; > key-name-hint = "dev"; > sign-images = "fdt", "loadables"; > } > > But I can't find how to sign the second stage uboot, and integrate the public > key into uboot spl device tree with binman. > Prior to binman I used mkimage to do that, as follows: > > mkimage -f uboot.its -K u-boot.dtb -k ./keys -r image.fit > > Could not find it in the documentation, I only saw pre-load, but I am not > sure that this is what I am looking for. > > Would appreciate if you could give some hint on how this could be done. > > Thank you for your help +Ivan Mikhaylov I believe that 'binman sign' does this: https://u-boot.readthedocs.io/en/latest/develop/package/binman.html#signing-fit-container-with-private-key-in-an-image Regards, Simon