Hi Jasmin

Probably Paul is right: pem versus crt + key is a different thing than ECS versus RSA.

The its specification mentions only crt + key: https://fitspec.osfw.foundation/#configuration-signature-nodes. Are you sure that mkimage works with pem but not with crt + key? My guess is that converting the pem somehow like https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key would work as well.

If Yocto should get support for pem files, it should support it for both formats, and this should be covered by tests as well. But since the fit spec and the mkimage documentation do not mention pem files, also on that side some investigation would probably be needed to ensure this is officially supported.

Regards
Adrian

Paul Barker via lists.openembedded.org <paul= [email protected]> wrote on Mon, 18 May 2026, 19:39:

> On Fri, 2026-05-15 at 09:42 +0000, Jamin Lin wrote:
> > The key file validation in run_mkimage_sign() unconditionally required
> > .key and .crt regardless of the signing algorithm. This prevented ECDSA
> > signing which uses a single .pem file.
> >
> > Extract the check into _check_sign_key_files() and detect the algorithm
> > from the algo string (e.g. "sha256,ecdsa384") by scanning all
> > comma-separated parts so field order does not matter:
> > - ECDSA: requires <keyname>.pem
> > - RSA : requires <keyname>.key and <keyname>.crt
>
> Hi Jamin,
>
> This contradicts my understanding of cryptographic algorithms and file
> formats. To my knowledge, ECDSA & RSA are algorithms, PEM vs .key/.crt
> are file formats. You can have an RSA certificate in PEM format, and you
> can store the key & cert for use in ECDSA in .key & .crt files if you
> want to.
>
> Am I misunderstanding something here?
>
> Best regards,
>
> --
> Paul Barker
View/Reply Online (#237262): https://lists.openembedded.org/g/openembedded-core/message/237262
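The point raised in the thread, that the signing algorithm and the key file format are independent, can be checked on the key material itself. The following is an added example, not part of the thread or of the patch under review: it classifies PEM blocks by their RFC 7468 label and key-algorithm OID instead of by file suffix. The helper names `describe_pem` and `armor`, the file names in the output and the sample bytes are assumptions made for illustration; the OID match is a byte-scan heuristic, not an ASN.1 parser.

```python
import base64
import re

# RFC 7468 armor: the label names the structure inside, not the file suffix.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# DER encodings of the key-algorithm OIDs used in PKCS#8 and X.509.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey


def describe_pem(text):
    """Return (label, kind, algorithm) for each PEM block in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        der = base64.b64decode("".join(body.split()))
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label.endswith("PRIVATE KEY"):
            kind = "private-key"
        else:
            kind = "other"
        if label == "RSA PRIVATE KEY":    # PKCS#1: algorithm is in the label
            algo = "rsa"
        elif label == "EC PRIVATE KEY":   # SEC 1: algorithm is in the label
            algo = "ec"
        elif OID_RSA in der:              # heuristic byte scan, not ASN.1 parsing
            algo = "rsa"
        elif OID_EC in der:
            algo = "ec"
        else:
            algo = "unknown"
        found.append((label, kind, algo))
    return found


def armor(label, der):
    """Wrap bytes in PEM armor (used here only to build sample input)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, lines, label)


# Constructed placeholders, NOT real keys: just enough bytes to carry the OID.
SAMPLE_PEM_FILE = (armor("PRIVATE KEY", b"\x30\x0d" + OID_RSA + b"\x05\x00")
                   + armor("CERTIFICATE", b"\x30\x0d" + OID_RSA + b"\x05\x00"))
SAMPLE_KEY_FILE = armor("EC PRIVATE KEY", b"\x30\x03\x02\x01\x01")

if __name__ == "__main__":
    print("signer.pem:", describe_pem(SAMPLE_PEM_FILE))  # RSA key + cert in one .pem
    print("signer.key:", describe_pem(SAMPLE_KEY_FILE))  # EC key in a .key file
```

A PKCS#8 `PRIVATE KEY` block carries no algorithm in its label, which is why the OID inside the DER has to be consulted for that case.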
