Hi Denis I'm not entirely sure which FIT image implementation you are using: the one from oe-core or the one from meta-openembedded. Since you are asking me personally, I assume it is the one from oe-core.
I suspect that the classes from meta-openembedded are not compatible with the FIT image implementation in oe-core. But I'm probably not the right person to answer this question, as I don't even understand why a second FIT image implementation was necessary instead of improving the one in oe-core. From my perspective, it would probably be better to extend the run_mkimage_sign function in oe-core with PKCS#11 support than to maintain a second FIT image implementation in meta-openembedded. Another approach is to perform the signing within bitbake using a key from a file. Signing with a more secure PKCS#11 backend can be performed as a re-signing, which is done independently of bitbake as the final step in the release process. Regards, Adrian
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#227298): https://lists.openembedded.org/g/openembedded-core/message/227298 Mute This Topic: https://lists.openembedded.org/mt/113443931/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
