Hi all, in order to use CONFIG_FIT_SIGNATURE and also CONFIG_SPL_FIT_SIGNATURE, a public key needs to be placed into the control FDT. So far, I only found mkimage being able to do that during FIT image signing. That is fairly unhandy and often incompatible with how firmware is built & signed vs. how the lifecycle of the artifacts to be loaded and verified look like. Is there really no other way than mkimage -K?
I'm currently considering to derive a tool that, given a public key (which is easy to hand around, compared to the private key needed for signing), injects them into a FDT. Then I would hook that up as generic feature for U-Boot builds, enriching all control FTDs already during the first build with this when requested. Am I missing an even simpler approach? Thanks, Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
