Hi all,
I'm curious if anyone has a script (or if I've missed something within
the verified-boot documentation) to compile a DTB given only public
keying information, i.e., a x509 certificate.
I have build/test bots that need to build a u-boot with an
extra/embedded DTB containing a signing public key. I do not want the
private key on those hosts and the only way I've found to build the
documented/required nodes in /signature/key-KEYNAME/
('rsa,r-squared','rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits')
is by using mkimage on a FIT with the -K switch. That requires a
private key to do the actual signing.
I'm happy to write something, just want to ask first!
Thanks!
--
Teddy Reed V
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
