Repository: incubator-mynewt-core Updated Branches: refs/heads/develop d08a47c1e -> aa27be58c
bootutil; add info about how to create keys for ECC 256. Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/aa27be58 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/aa27be58 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/aa27be58 Branch: refs/heads/develop Commit: aa27be58cc83f7aee66e768f58d0de0cac8f47c7 Parents: d08a47c Author: Marko Kiiskila <[email protected]> Authored: Thu Dec 29 17:38:54 2016 -0800 Committer: Marko Kiiskila <[email protected]> Committed: Thu Dec 29 17:38:54 2016 -0800 ---------------------------------------------------------------------- boot/bootutil/signed_images.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/aa27be58/boot/bootutil/signed_images.md ---------------------------------------------------------------------- diff --git a/boot/bootutil/signed_images.md b/boot/bootutil/signed_images.md index af9e787..80bac7b 100644 --- a/boot/bootutil/signed_images.md +++ b/boot/bootutil/signed_images.md @@ -50,11 +50,15 @@ openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSA Now the public key is in file called image_sign_pub.der. -For ECC these commands are similar. +For ECDSA224 these commands are similar. openssl ecparam -name secp224r1 -genkey -noout -out image_sign.pem openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der +And then the ECDSA256. +openssl ecparam -name prime256v1 -genkey -noout -out image_sign.pem +openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der + ## Creating a key package xxd -i image_sign_pub.der image_sign_pub.c.import @@ -95,3 +99,5 @@ file After you've created the key package, you must include it in the build for bootloader. So modify the pkg.yml for apps/boot to include it. +The syscfg variable to enable ECDSA224 is BOOTUTIL_SIGN_EC, and +BOOTUTIL_SIGN_EC256 for ECDS256.
