Hi Simon, Am Montag, 20. April 2020, 01:38:20 CEST schrieb Simon Glass: > On Fri, 17 Apr 2020 at 16:07, Heiko Stuebner <he...@sntech.de> wrote: > > > > From: Heiko Stuebner <heiko.stueb...@theobroma-systems.com> > > > > If the newly added fit-generator key-options are found, append needed > > signature nodes to all generated image blocks, so that they can get > > signed when mkimage later compiles the .itb from the generated .its. > > > > Signed-off-by: Heiko Stuebner <heiko.stueb...@theobroma-systems.com> > > --- > > arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++- > > 1 file changed, 50 insertions(+), 1 deletion(-) > > Was there an effort to move this to binman?
The generation really is part of the core build process. When creating the u-boot.itb with signed entries, mkimage -K writes the data of the used key to dt-spl.dtb which then gets put into the spl binary. [spl needs the key-data in its dtb to verify the signatures] So I don't really see how this would work without moving the whole spl generation to binman. Heiko
