On 07.02.23 05:02, Simon Glass wrote: > Hi Jan, > > On Mon, 6 Feb 2023 at 03:42, Jan Kiszka <jan.kis...@siemens.com> wrote: >> >> On 04.02.23 23:23, Simon Glass wrote: >>> Hi Jan, >>> >>> On Fri, 3 Feb 2023 at 23:35, Jan Kiszka <jan.kis...@siemens.com> wrote: >>>> >>>> On 04.02.23 01:20, Simon Glass wrote: >>>>> Hi Jan, >>>>> >>>>> On Fri, 3 Feb 2023 at 05:29, Jan Kiszka <jan.kis...@siemens.com> wrote: >>>>>> >>>>>> From: Jan Kiszka <jan.kis...@siemens.com> >>>>>> >>>>>> Allows to create a public key device tree dtsi for inclusion into U-Boot >>>>>> SPL and proper during first build already. This can be achieved via >>>>>> CONFIG_DEVICE_TREE_INCLUDES. >>>>>> >>>>>> Signed-off-by: Jan Kiszka <jan.kis...@siemens.com> >>>>>> --- >>>>>> tools/key2dtsi.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++ >>>>>> 1 file changed, 64 insertions(+) >>>>>> create mode 100755 tools/key2dtsi.py >>>>> >>>>> Please can you build this into Binman instead? We really don't want >>>>> any more of these scripts. Perhaps you can add a new entry type? >>>>> >>>> >>>> I don't think you are requesting something that makes any sense: >>>> >>>> "Binman creates and manipulate *images* for a board from a set of binaries" >>> >>> I mean that Binman can include a public key in the DT, if that it was >>> you are wanting. We don't want to add scripts for creating images and >>> pieces of images. >>> >>> Perhaps I just don't understand the goal here. How would your script be >>> used? >>> >> >> We feed the generated dtsi into the U-Boot build, using >> CONFIG_DEVICE_TREE_INCLUDES. This ensures that will be signed along with >> the built artifacts. Have a look at patch 9 for the steps, specifically >> the doc update bits. Full bitbake (Isar) integration is available under >> [1], specifically [2] in combination with [3]. >> > > OK, so is Binman run in this case? >
It's run at the end of the build, to assemble the unsigned flash.bin. And it should have been used also for signing that image (patch 8, see the other discussion). Jan >> Jan >> >> [1] https://github.com/siemens/meta-iot2050/tree/master/recipes-bsp/u-boot >> [2] >> https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/rules.tmpl >> [3] >> https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg >> >> -- >> Siemens AG, Technology >> Competence Center Embedded Linux >> > > Regards, > Simon -- Siemens AG, Technology Competence Center Embedded Linux
