On 30/09/2020 15:03, Richard Purdie wrote:
On Wed, 2020-09-30 at 11:48 +0100, Usama Arif wrote:
The keys are only generated if they dont exist. The key
generation can be turned off by setting FIT_GENERATE_KEYS to "0".
The default key length for private keys is 2048 and the default
format for public key certificate is x.509.
Signed-off-by: Usama Arif <[email protected]>
---
meta/classes/kernel-fitimage.bbclass | 44 ++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/meta/classes/kernel-fitimage.bbclass
b/meta/classes/kernel-fitimage.bbclass
index fa4ea6feef..bb2f3c4ccc 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -56,6 +56,22 @@ FIT_HASH_ALG ?= "sha256"
# fitImage Signature Algo
FIT_SIGN_ALG ?= "rsa2048"
+# Generate keys for signing fitImage
+FIT_GENERATE_KEYS ?= "0"
+
+# Size of private key in number of bits
+FIT_SIGN_NUMBITS ?= "2048"
+
+# args to openssl genrsa (Default is just the public exponent)
+FIT_KEY_GENRSA_ARGS ?= "-F4"
+
+# args to openssl req (Default is -batch for non interactive mode and
+# -new for new certificate)
+FIT_KEY_REQ_ARGS ?= "-batch -new"
+
+# Standard format for public key certificate
+FIT_KEY_SIGN_PKCS ?= "-x509"
+
Thanks, I'll queue this. Could you update the documentation for the new
variables please?
Cheers,
Richard
Thanks! I have updated the documentation in
https://lists.yoctoproject.org/g/docs/message/406.
Regards,
Usama
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142936):
https://lists.openembedded.org/g/openembedded-core/message/142936
Mute This Topic: https://lists.openembedded.org/mt/77214734/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
