[Buildroot] fitImage: proposal to sign images into fitImage

Mickaël Tansorier mickael.tansorier at smile.fr
Mon Jul 22 07:07:42 UTC 2019


In project, I worked to add option in builroot to sign kernel and 
devicetree image for fitImage.

Uboot support fitImage signature check, but buildroot have no option to 
build fitImage with specific signature.

I would like to propose patch, but I'm not sure about the best practice 
to do that. Have you any suggestion ?
I can send you my patch (draft) to improve it.

My idea is to add variables to get path of `its` file, `dts` to describe 
public key for uboot, and server where to download keys to sign in 
Then in `uboot.mk`:
  - I download keys
  - I replace kernel name, dtb name, and keys name in `its` file. (To 
get right path to its).
  - I replace keys name in `dts` file
  - I compile `dts` to `dtb` with space to add pubic key
  - I compile fitImage with `mkimage`

It could be find if this can be generic.

I appreciate if any of you have idea or suggertion.


Tansorier Mickaël

Smile ECS / OpenWide Ingénierie
Délégué du Personnel pour l'agence de Nantes

[Préserve ta liberté: https://gafam.laquadrature.net/]

More information about the buildroot mailing list