From: Jan Kiszka
The underlying issue was fixed in the meantime. Also signing the U-Boot
proper fit image now works. Just supporting custom cert templates
remains a todo.
Signed-off-by: Jan Kiszka
---
CC: Simon Glass
---
tools/iot2050-sign-fw.sh | 9 ++---
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/tools/iot2050-sign-fw.sh b/tools/iot2050-sign-fw.sh
index 4d1d79498c2..3f953c09ed9 100755
--- a/tools/iot2050-sign-fw.sh
+++ b/tools/iot2050-sign-fw.sh
@@ -39,13 +39,8 @@ CERT_X509=$(mktemp .crt)
openssl req -new -x509 -key $1 -nodes -outform DER -out $CERT_X509 -config
$TEMP_X509 -sha512
cat $CERT_X509 tispl.bin > tispl.bin_signed
-# currently broken in upstream
-#source/tools/binman/binman replace -i flash.bin -f tispl.bin_signed
blob@0x18
-dd if=tispl.bin_signed of=flash.bin bs=$((0x1000)) seek=$((0x18/0x1000))
conv=notrunc
+source/tools/binman/binman replace -i flash.bin -f tispl.bin_signed
fit@0x18
rm $TEMP_X509 $CERT_X509
-tools/mkimage -G $1 -r -o sha256,rsa4096 -F f...@0x38.fit
-# currently broken in upstream
-#source/tools/binman/binman replace -i flash.bin -f f...@0x38.fit
fit@0x38
-dd if=f...@0x38.fit of=flash.bin bs=$((0x1000)) seek=$((0x38/0x1000))
conv=notrunc
+source/tools/binman/binman sign -i flash.bin -k $1 -a sha256,rsa4096
fit@0x38
--
2.35.3