[Buildroot] fitImage: proposal to sign images into fitImage
mickael.tansorier at smile.fr
Mon Jul 22 07:07:42 UTC 2019
In project, I worked to add option in builroot to sign kernel and
devicetree image for fitImage.
Uboot support fitImage signature check, but buildroot have no option to
build fitImage with specific signature.
I would like to propose patch, but I'm not sure about the best practice
to do that. Have you any suggestion ?
I can send you my patch (draft) to improve it.
My idea is to add variables to get path of `its` file, `dts` to describe
public key for uboot, and server where to download keys to sign in
Then in `uboot.mk`:
- I download keys
- I replace kernel name, dtb name, and keys name in `its` file. (To
get right path to its).
- I replace keys name in `dts` file
- I compile `dts` to `dtb` with space to add pubic key
- I compile fitImage with `mkimage`
It could be find if this can be generic.
I appreciate if any of you have idea or suggertion.
Smile ECS / OpenWide Ingénierie
Délégué du Personnel pour l'agence de Nantes
[Préserve ta liberté: https://gafam.laquadrature.net/]
More information about the buildroot