From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D6D6C7EE22 for ; Thu, 11 May 2023 16:45:07 +0000 (UTC) Received: from mailout4.zoneedit.com (mailout4.zoneedit.com [64.68.198.64]) by mx.groups.io with SMTP id smtpd.web11.1637.1683823502510437043 for ; Thu, 11 May 2023 09:45:02 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: denix.org, ip: 64.68.198.64, mailfrom: denis@denix.org) Received: from localhost (localhost [127.0.0.1]) by mailout4.zoneedit.com (Postfix) with ESMTP id 36C8D40C68; Thu, 11 May 2023 16:45:01 +0000 (UTC) Received: from mailout4.zoneedit.com ([127.0.0.1]) by localhost (zmo14-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DnrSjawPg-xw; Thu, 11 May 2023 16:45:01 +0000 (UTC) Received: from mail.denix.org (pool-100-15-88-116.washdc.fios.verizon.net [100.15.88.116]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout4.zoneedit.com (Postfix) with ESMTPSA id C074340C16; Thu, 11 May 2023 16:44:51 +0000 (UTC) Received: by mail.denix.org (Postfix, from userid 1000) id 36CB71638CA; Thu, 11 May 2023 12:44:08 -0400 (EDT) Date: Thu, 11 May 2023 12:44:08 -0400 From: Denys Dmytriyenko To: Ricardo Salveti Cc: m-chawdhry@ti.com, meta-ti@lists.yoctoproject.org, Ryan Eatmon , Denys Dmytriyenko , Vignesh Raghavendra , Praneeth Bajjuri , Udit Kumar , Andrew Davis , Kamlesh Gurudasani Subject: Re: [meta-ti][master/kirkstone][RFC PATCH] conf: machine: include: k3 enable fit signing for uboot Message-ID: <20230511164408.GA9226@denix.org> References: <20230509-b4-k3-fit-signing-v1-1-2e335869bec8@ti.com> <20230511154739.GZ9226@denix.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Content-Transfer-Encoding: quoted-printable List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 May 2023 16:45:07 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16515 On Thu, May 11, 2023 at 01:20:08PM -0300, Ricardo Salveti wrote: > On Thu, May 11, 2023 at 12:48=E2=80=AFPM Denys Dmytriyenko wrote: > > > > On Thu, May 11, 2023 at 11:54:00AM +0530, Manorit Chawdhry via lists.= yoctoproject.org wrote: > > > Signed-off-by: Manorit Chawdhry > > > --- > > > To: Ryan Eatmon > > > To: Denys Dmytriyenko > > > Cc: meta-ti@lists.yoctoproject.org > > > Cc: Vignesh Raghavendra > > > Cc: Praneeth Bajjuri > > > Cc: Udit Kumar > > > Cc: Andrew Davis > > > Cc: Kamlesh Gurudasani > > > --- > > > meta-ti-bsp/conf/machine/include/k3.inc | 6 ++++++ > > > 1 file changed, 6 insertions(+) > > > > > > diff --git a/meta-ti-bsp/conf/machine/include/k3.inc b/meta-ti-bsp/= conf/machine/include/k3.inc > > > index fff1550564b3..ab7e45a8016f 100644 > > > --- a/meta-ti-bsp/conf/machine/include/k3.inc > > > +++ b/meta-ti-bsp/conf/machine/include/k3.inc > > > @@ -31,6 +31,12 @@ SPL_BINARY =3D "tispl.bin" > > > SPL_BINARYNAME =3D "tispl.bin" > > > UBOOT_SUFFIX =3D "img" > > > > > > +UBOOT_SIGN_ENABLE =3D "1" > > > +UBOOT_MKIMAGE_DTCOPTS =3D "-I dts -O dtb" > > > +UBOOT_SIGN_KEYNAME =3D "uboot_signing_dev_key" > > > +UBOOT_SIGN_KEYDIR =3D "${DEPLOY_DIR_IMAGE}/u-boot-keys" > > > > How are the keys get into there? Are there extra docs/instructions? >=20 > FIT_GENERATE_KEYS set to 1 forces the key to be automatically > generated by openembedded-core/meta/classes/uboot-sign.bbclass, so > they are created during build time. I know, and that is fine for development, but not so much for production = -=20 that is why I asked for docs/instructions for someone to deploy their own= =20 keys and disable autogeneration. --=20 Denys