Repository: incubator-mynewt-core Updated Branches: refs/heads/develop 73418c724 -> 8ff24d5ae
signed_images.md; include ECC key generation steps in the doc. Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/8ff24d5a Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/8ff24d5a Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/8ff24d5a Branch: refs/heads/develop Commit: 8ff24d5aed803bca3a1e0cd52be45c908a841318 Parents: 73418c7 Author: Marko Kiiskila <[email protected]> Authored: Wed Dec 28 17:39:45 2016 -0800 Committer: Marko Kiiskila <[email protected]> Committed: Wed Dec 28 17:39:45 2016 -0800 ---------------------------------------------------------------------- boot/bootutil/signed_images.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/8ff24d5a/boot/bootutil/signed_images.md ---------------------------------------------------------------------- diff --git a/boot/bootutil/signed_images.md b/boot/bootutil/signed_images.md index e7cc2dd..af9e787 100644 --- a/boot/bootutil/signed_images.md +++ b/boot/bootutil/signed_images.md @@ -50,15 +50,16 @@ openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSA Now the public key is in file called image_sign_pub.der. +For ECC these commands are similar. + +openssl ecparam -name secp224r1 -genkey -noout -out image_sign.pem +openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der + ## Creating a key package xxd -i image_sign_pub.der image_sign_pub.c.import Then you need to create a package containing this key, or keys. -In the pkg.yml for this package, you advertise feature IMAGE_KEYS_RSA or -IMAGE_KEYS_EC. -Once this is done, bootloader will expect keys to be filled in -'bootutil_keys', and the number of keys to be in 'bootutil_key_cnt'. ## Sample pkg.yml This gets bootutil to turn on image signature validation. @@ -93,3 +94,4 @@ file After you've created the key package, you must include it in the build for bootloader. So modify the pkg.yml for apps/boot to include it. +
