Hi T,
On 2/6/26 12:04 PM, T Pratham wrote:
> This series adds support to use a custom key provided via Make during
> build for signing the bootloader binaries, and updates the k3-binman to
> use it.

Can't you use the same mechanism we have for adding the pubkey to the
SPL DTB (see tools/binman/etype/u_boot_spl_pubkey_dtb.py)?
We use the key-name-hint property, which is a key filename without the
.crt extension. You don't necessarily need to reuse this (but I think it
makes sense), but sharing the logic for finding the key seems more
interesting to me.
We try to find the key with tools.get_input_filename(self._key_name_hint
+ ".crt"). The paths that are traversed can be specified with
BINMAN_INDIRS. This should help with not having to add yet another
variable. Set allow_missing to True and if it returns None, then use the
key listed in the filename property?
Also, is there really a need for a separate binman image just for keys?
Can't you have ti-secure/ti-secure-rom use key-name-hint directly to
avoid yet another binman entry?
Cheers,
Quentin
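
A stand-alone sketch of the lookup order suggested in the reply above, added here as an example; it is not binman code and does not call tools.get_input_filename. The function name `find_signing_key`, the directory list standing in for BINMAN_INDIRS, the bare-name check, and the sample file names are assumptions.

```python
import os
import tempfile


def find_signing_key(key_name_hint, indirs, fallback_filename):
    """Return (path, source) for the key to sign with.

    Search each input directory, in order, for '<key_name_hint>.crt'.
    If none has it, fall back to the entry's 'filename' property.
    'source' records which rule matched so the build can log it.
    """
    if key_name_hint:
        # Assumption: the hint is a bare file name, never a path, so it
        # cannot point outside the configured search directories.
        if os.path.basename(key_name_hint) != key_name_hint:
            raise ValueError(f"key-name-hint must be a bare name: {key_name_hint!r}")
        for directory in indirs:
            candidate = os.path.join(directory, key_name_hint + ".crt")
            if os.path.isfile(candidate):
                return candidate, "key-name-hint"
    if fallback_filename and os.path.isfile(fallback_filename):
        return fallback_filename, "filename"
    # Fail the build rather than produce an unsigned or mis-signed image.
    raise FileNotFoundError(
        f"no key for hint {key_name_hint!r} in {indirs} and no usable fallback")


def demo():
    """Run the lookup on a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        keys = os.path.join(root, "keys")
        os.mkdir(keys)
        custom = os.path.join(keys, "dev.crt")      # constructed custom key
        default = os.path.join(root, "default.pem")  # constructed default key
        for path in (custom, default):
            open(path, "w").close()
        hit = find_signing_key("dev", [root, keys], default)
        miss = find_signing_key("absent", [root, keys], default)
        return ((hit[1], os.path.basename(hit[0])),
                (miss[1], os.path.basename(miss[0])))


if __name__ == "__main__":
    for source, name in demo():
        print(f"signing with {name} (selected via {source})")
```

Returning the source alongside the path lets the build log show whether the custom key or the fallback was used for a given image.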