[U-Boot] [PATCH 2/7] fdt: add "fdt sign" command

[Heiko Schocher <hs@denx.de>]

Hello Marek,

Am 12.02.2014 11:46, schrieb Marek Vasut:
> On Monday, February 10, 2014 at 07:15:09 AM, Heiko Schocher wrote:
>> Hello Marek,
>>
>> Am 08.02.2014 15:09, schrieb Marek Vasut:
>>> On Saturday, January 25, 2014 at 07:44:24 AM, Heiko Schocher wrote:
>>>> check if a fdt is correct signed
>>>> pass an optional addr value. Contains the addr of the key blob
>>>>
>>>> Signed-off-by: Heiko Schocher<hs@denx.de>
>>>> Cc: Simon Glass<sjg@chromium.org>
>>>
>>> Should the FIT signature checking really be part of the 'fdt' command ?
>>> Shouldn't 'bootm' check the signature (well, 'bootm prep' or such does)
>>> or somesuch command ?
>>
>> Why not? I use this "fdt check" command for example in a script, for
>> checking if the FIT image is correct signed, and if so, update with
>> the binaries in it some UBI Volumes (not only kernel, dt and/or
>> rootfs) ... but if this is not accepted, I can look into the bootm
>> command if I can use it ... but I do not want boot the FIT image ...
>
> But doesn't 'bootm prep' (aka. prepare the image for booting, but do not
> actually boot) do the same thing ? It does verify the image etc., right ?

Yes, but maybe do "etc" things I do not need?

 From the "bootm prep" help text:
"prep    - OS specific prep before relocation or go"

"OS specific prep or go" ... Hmm...

- The "fdt checksign" command (as I renamed it in v2) does no "OS
   specific" things, only check the signature of the FIT image.
   There is no OS dependency ... With "bootm prep" there are maybe
   done OS specific things with the FIT Image ...
   maybe in my case it would work, but is this true for all boards?

- "or go" ... I definitely do not want to boot the FIT Image!

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany