Hi Teddy, On 29 April 2016 at 18:44, Teddy Reed <[email protected]> wrote: > On Fri, Apr 29, 2016 at 4:09 PM, Simon Glass <[email protected]> wrote: >> Hi Teddy, >> >> On 25 April 2016 at 10:25, Teddy Reed <[email protected]> wrote: >>> Hi all, >>> >>> I'm curious if anyone has a script (or if I've missed something within >>> the verified-boot documentation) to compile a DTB given only public >>> keying information, i.e., a x509 certificate. >>> >>> I have build/test bots that need to build a u-boot with an >>> extra/embedded DTB containing a signing public key. I do not want the >>> private key on those hosts and the only way I've found to build the >>> documented/required nodes in /signature/key-KEYNAME/ >>> ('rsa,r-squared','rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits') >>> is by using mkimage on a FIT with the -K switch. That requires a >>> private key to do the actual signing. >>> >>> I'm happy to write something, just want to ask first! >> >> Not on my side, sorry. Would be useful. >> > > Ok! > > I can't make any promises of completeness, but I quickly hacked > together https://github.com/theopolis/fit-certificate-store, to do > this. > I'll iterate on it over the next few weeks, and I'm more than happy to > take bugs/criticism via Github PRs.
Looks good. At some point will you do a U-Boot patch? Regards, Simon _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
