On Wed, 2020-09-30 at 11:48 +0100, Usama Arif wrote: > The keys are only generated if they dont exist. The key > generation can be turned off by setting FIT_GENERATE_KEYS to "0". > The default key length for private keys is 2048 and the default > format for public key certificate is x.509. > > Signed-off-by: Usama Arif <[email protected]> > --- > meta/classes/kernel-fitimage.bbclass | 44 ++++++++++++++++++++++++++++ > 1 file changed, 44 insertions(+) > > diff --git a/meta/classes/kernel-fitimage.bbclass > b/meta/classes/kernel-fitimage.bbclass > index fa4ea6feef..bb2f3c4ccc 100644 > --- a/meta/classes/kernel-fitimage.bbclass > +++ b/meta/classes/kernel-fitimage.bbclass > @@ -56,6 +56,22 @@ FIT_HASH_ALG ?= "sha256" > # fitImage Signature Algo > FIT_SIGN_ALG ?= "rsa2048" > > +# Generate keys for signing fitImage > +FIT_GENERATE_KEYS ?= "0" > + > +# Size of private key in number of bits > +FIT_SIGN_NUMBITS ?= "2048" > + > +# args to openssl genrsa (Default is just the public exponent) > +FIT_KEY_GENRSA_ARGS ?= "-F4" > + > +# args to openssl req (Default is -batch for non interactive mode and > +# -new for new certificate) > +FIT_KEY_REQ_ARGS ?= "-batch -new" > + > +# Standard format for public key certificate > +FIT_KEY_SIGN_PKCS ?= "-x509" > +
Thanks, I'll queue this. Could you update the documentation for the new variables please? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142935): https://lists.openembedded.org/g/openembedded-core/message/142935 Mute This Topic: https://lists.openembedded.org/mt/77214734/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
