In order to reduce the coupling between building the kernel and U-Boot, I'd like a tool that can add a public key to U-Boot's dtb without simultaneously signing a FIT image. That tool doesn't seem to exist, so I stole the necessary pieces from mkimage et al and put it in a single .c file.
I'm still working on the details of my proposed "require just k out these n required keys" and how it should be implemented, but it will probably involve teaching this tool a bunch of new options. These patches are not necessarily ready for inclusion (unless someone else finds fdt_add_pubkey useful as is), but I thought I might as well send it out for early comments. Roman Kopytin (2): tools: add fdt_add_pubkey test_vboot.py: include test of fdt_add_pubkey tool test/py/tests/test_vboot.py | 8 +++ tools/.gitignore | 1 + tools/Makefile | 3 + tools/fdt_add_pubkey.c | 130 ++++++++++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+) create mode 100644 tools/fdt_add_pubkey.c -- 2.25.1
