On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote: > Add a test to make sure that the ECDSA signatures generated by > mkimage can be verified successfully. pyCryptodomex was chosen as the > crypto library because it integrates much better with python code. > Using openssl would have been unnecessarily painful. > > Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com> > Reviewed-by: Simon Glass <s...@chromium.org>
So, to run this test I've done a "pip install -r test/py/requirements.txt" to make sure I have everything now needed installed. When I run this test (building in /tmp): +/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Failed to sign 'signature' signature node in 'kernel' image node: -2 Failed to sign 'signature' signature node in 'fdt-1' image node: -2 FIT description: Chrome OS kernel image with one or more FDT blobs ... +fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value Error at 'value': FDT_ERR_NOTFOUND Which I think means that since we have a key-name-hint of "dev" it's taking the -k argument as a keydir and that's where it goes wrong. -- Tom
signature.asc
Description: PGP signature
