Hi Rasmus, On Tue, 11 Feb 2020 at 02:49, Rasmus Villemoes <[email protected]> wrote: > > Having to use the -K option to mkimage to populate U-Boot's .dtb with the > public key while signing the kernel FIT image is often a little > awkward. In particular, when using a meta-build system such as > bitbake/Yocto, having the tasks of the kernel and U-Boot recipes > intertwined, modifying deployed artifacts and rebuilding U-Boot with > an updated .dtb is quite cumbersome. Also, in some scenarios one may > wish to build U-Boot complete with the public key(s) embedded in the > .dtb without the corresponding private keys being present on the same > build host. > > So this adds a simple tool that allows one to disentangle the kernel > and U-Boot builds, by simply copy-pasting just enough of the mkimage > code to allow one to add a public key to a .dtb. When using mkimage, > some of the information is taken from the .its used to build the > kernel (algorithm and key name), so that of course needs to be > supplied on the command line. > > Signed-off-by: Rasmus Villemoes <[email protected]> > --- > tools/.gitignore | 1 + > tools/Makefile | 3 ++ > tools/fdt_add_pubkey.c | 96 ++++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 100 insertions(+) > create mode 100644 tools/fdt_add_pubkey.c
Would it be possible to modify mkimage instead, with another flag? Regards, Simon
