Subject: Re: U-boot
To: Roman Kopytin, Simon Glass
Cc: Thomas Perrot, Michael Nazzareno Trimarchi, U-Boot-Denx, Alex Kiernan
From: Rasmus Villemoes
Message-ID: <0e75f275-d661-7b75-6da8-91ecec53d78c@prevas.dk>
Date: Mon, 2 Aug 2021 11:37:27 +0200
In-Reply-To: <55a1a03c621f4cdea36f12ebd2cde976@kaspersky.com>
List-Id: U-Boot discussion

On 02/08/2021 11.25, Roman Kopytin wrote:
> Thanks a lot!
> Yes, looks like using of the 'fdtput' is not very safety for me.
> As I understood I need to use "fdt_add_pubkey" tool with CMD (example):
> ./ fdt_add_pubkey -a rsa2048 -k -n -r my_file.dtb
>
> -r is the same as for mkimage? As I remember we can use -r w/o any values in mkimage.

Yes, that's very close to what our Yocto recipe currently does:

    for b in ${KERNEL_PUBLIC_KEYS} ; do
        fdt_add_pubkey -a 'sha1,rsa2048' -k "${KERNEL_SIGNING_DIR}" -n "$b" \
            -r conf $dtb
    done

I doubt that old patch applies nowadays, I've only forward-ported it to
2020.04 internally.

As to Simon's old question of whether it could be done in mkimage with a
new flag: I'd really prefer not to, mkimage is already an incoherent
collection of tools that do very different things with different flags.
Having a flag that says "create and sign this FIT image, and as a side
effect update $this dtb $overhere with the corresponding public key
mangled appropriately, oh, and btw, _only_ do that side effect" is a
non-starter.

Rasmus
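
What "the public key mangled appropriately" amounts to, as an added example (not part of the original message and not the fdt_add_pubkey source): the key-node properties listed in U-Boot's FIT signature documentation, derived from a modulus and rendered as a dts fragment. SAMPLE_N is a constructed 2048-bit odd integer standing in for a modulus, not a real RSA key; the key name "dev" and all function names are hypothetical.

```python
# Added illustration: values stored in /signature/key-<name> of the control dtb.
# SAMPLE_N is constructed for the example and is NOT a real RSA modulus.
SAMPLE_N = (1 << 2047) | 0xC0FFEE01


def u32_cells(value, bits):
    """Render an integer as big-endian 32-bit cells in dts <...> syntax."""
    words = [(value >> s) & 0xFFFFFFFF for s in range(bits - 32, -1, -32)]
    return "<" + " ".join(f"0x{w:08x}" for w in words) + ">"


def key_node_props(n, e, algo, required):
    """Derive the precomputed values kept beside the raw modulus."""
    if n % 2 == 0:
        raise ValueError("RSA modulus must be odd")
    bits = n.bit_length()
    if bits % 32:
        raise ValueError("modulus size must be a multiple of 32 bits")
    return {
        "required": required,      # "conf": configurations must verify with this key
        "algo": algo,
        "rsa,num-bits": bits,
        "rsa,exponent": e,
        "rsa,modulus": n,
        "rsa,r-squared": pow(2, 2 * bits, n),                  # (2^num-bits)^2 mod n
        "rsa,n0-inverse": (-pow(n, -1, 1 << 32)) % (1 << 32),  # -1/n[0] mod 2^32
    }


def render_dts(name, p):
    """Render the node as dts text for review or diffing against a dtb dump."""
    bits = p["rsa,num-bits"]
    body = [
        f'required = "{p["required"]}";',
        f'algo = "{p["algo"]}";',
        f'key-name-hint = "{name}";',
        f'rsa,num-bits = <{bits}>;',
        f'rsa,exponent = {u32_cells(p["rsa,exponent"], 64)};',
        f'rsa,n0-inverse = {u32_cells(p["rsa,n0-inverse"], 32)};',
        f'rsa,modulus = {u32_cells(p["rsa,modulus"], bits)};',
        f'rsa,r-squared = {u32_cells(p["rsa,r-squared"], bits)};',
    ]
    inner = "\n".join("\t\t" + line for line in body)
    return f"signature {{\n\tkey-{name} {{\n{inner}\n\t}};\n}};\n"


if __name__ == "__main__":
    print(render_dts("dev", key_node_props(SAMPLE_N, 65537, "sha1,rsa2048", "conf")))
```

Several of these values are derived from the modulus rather than copied from the key file, which is why writing them by hand with fdtput is easy to get wrong.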