From: Simon Glass
Date: Mon, 2 Aug 2021 13:20:15 -0600
Subject: Re: U-boot
To: Rasmus Villemoes
Cc: Roman Kopytin, Thomas Perrot, Michael Nazzareno Trimarchi, U-Boot-Denx, Alex Kiernan

Hi Rasmus,

On Mon, 2 Aug 2021 at 03:37, Rasmus Villemoes wrote:
>
> On 02/08/2021 11.25, Roman Kopytin wrote:
> > Thanks a lot!
> > Yes, looks like using of the 'fdtput' is not very safety for me.
> > As I understood I need to use "fdt_add_pubkey" tool with CMD (example):
> > ./ fdt_add_pubkey -a rsa2048 -k -n -r my_file.dtb
> >
> > -r is the same as for mkimage? As I remember we can use -r w/o any values in mkimage.
>
> Yes, that's very close to what our Yocto recipe currently does:
>
>   for b in ${KERNEL_PUBLIC_KEYS} ; do
>     fdt_add_pubkey -a 'sha1,rsa2048' -k "${KERNEL_SIGNING_DIR}" -n "$b" \
>       -r conf $dtb
>   done
>
> I doubt that old patch applies nowadays, I've only forward-ported it to
> 2020.04 internally.
>
> As to Simon's old question of whether it could be done in mkimage with a
> new flag: I'd really prefer not to, mkimage is already an incoherent
> collection of tools that do very different things with different flags.
> Having a flag that says "create and sign this FIT image, and as a side
> effect update $this dtb $overhere with the corresponding public key
> mangled appropriately, oh, and btw, _only_ do that side effect" is a
> non-starter.

I missed that comment at the time...I think this tool is useful though.

The series is marked as deferred in patchwork, probably because the
thread died. How about reposting it?

Regards,
Simon