On Fri, Apr 29, 2016 at 4:09 PM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 25 April 2016 at 10:25, Teddy Reed <teddy.r...@gmail.com> wrote:
>> Hi all,
>>
>> I'm curious if anyone has a script (or if I've missed something within
>> the verified-boot documentation) to compile a DTB given only public
>> keying information, i.e., a x509 certificate.
>>
>> I have build/test bots that need to build a u-boot with an
>> extra/embedded DTB containing a signing public key. I do not want the
>> private key on those hosts and the only way I've found to build the
>> documented/required nodes in /signature/key-KEYNAME/
>> ('rsa,r-squared','rsa,modulus', 'rsa,n0-inverse' and 'rsa-num-bits')
>> is by using mkimage on a FIT with the -K switch. That requires a
>> private key to do the actual signing.
>>
>> I'm happy to write something, just want to ask first!
>
> Not on my side, sorry. Would be useful.
>Ok! I can't make any promises of completeness, but I quickly hacked together https://github.com/theopolis/fit-certificate-store, to do this. I'll iterate on it over the next few weeks, and I'm more than happy to take bugs/criticism via Github PRs. >> >> Thanks! >> >> -- >> Teddy Reed V > > Regards, > Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
