From: Heiko Schocher <hs@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command
Date: Fri, 14 Feb 2014 06:06:34 +0100 [thread overview]
Message-ID: <52FDA45A.8000401@denx.de> (raw)
In-Reply-To: <201402132126.00883.marex@denx.de>
Hello Marek,
Am 13.02.2014 21:26, schrieb Marek Vasut:
> On Wednesday, February 12, 2014 at 04:31:50 PM, Heiko Schocher wrote:
>> Hello Marek,
>>
>> Am 12.02.2014 11:46, schrieb Marek Vasut:
>>> On Monday, February 10, 2014 at 07:15:09 AM, Heiko Schocher wrote:
>>>> Hello Marek,
>>>>
>>>> Am 08.02.2014 15:09, schrieb Marek Vasut:
>>>>> On Saturday, January 25, 2014 at 07:44:24 AM, Heiko Schocher wrote:
>>>>>> check if a fdt is correct signed
>>>>>> pass an optional addr value. Contains the addr of the key blob
>>>>>>
>>>>>> Signed-off-by: Heiko Schocher<hs@denx.de>
>>>>>> Cc: Simon Glass<sjg@chromium.org>
>>>>>
>>>>> Should the FIT signature checking really be part of the 'fdt' command ?
>>>>> Shouldn't 'bootm' check the signature (well, 'bootm prep' or such does)
>>>>> or somesuch command ?
>>>>
>>>> Why not? I use this "fdt check" command for example in a script, for
>>>> checking if the FIT image is correct signed, and if so, update with
>>>> the binaries in it some UBI Volumes (not only kernel, dt and/or
>>>> rootfs) ... but if this is not accepted, I can look into the bootm
>>>> command if I can use it ... but I do not want boot the FIT image ...
>>>
>>> But doesn't 'bootm prep' (aka. prepare the image for booting, but do not
>>> actually boot) do the same thing ? It does verify the image etc., right ?
>>
>> Yes, but maybe do "etc" things I do not need?
>>
>> From the "bootm prep" help text:
>> "prep - OS specific prep before relocation or go"
>>
>> "OS specific prep or go" ... Hmm...
>>
>> - The "fdt checksign" command (as I renamed it in v2) does no "OS
>> specific" things, only check the signature of the FIT image.
>> There is no OS dependency ... With "bootm prep" there are maybe
>> done OS specific things with the FIT Image ...
>> maybe in my case it would work, but is this true for all boards?
>>
>> - "or go" ... I definitely do not want to boot the FIT Image!
>
> CC Simon, he might clear this up. I'm sick (flu?) and I don't want to leave this
Simon is on Cc, and he remarked to rename this "fdt sign" into "fdt
checksign", I did in the "v2" of this patch ...
> thread hanging , sorry.
Bad news. I hope you get well soon!
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
next prev parent reply other threads:[~2014-02-14 5:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-25 6:44 [U-Boot] [PATCH 0/7] common, fit, rsa: enhancements Heiko Schocher
2014-01-25 6:44 ` [U-Boot] [PATCH 1/7] tools/image-host: fix sign-images bug Heiko Schocher
2014-01-26 21:05 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command Heiko Schocher
2014-01-26 21:04 ` Simon Glass
2014-01-27 6:37 ` Heiko Schocher
2014-01-27 6:50 ` Wolfgang Denk
2014-01-27 7:42 ` Heiko Schocher
2014-02-08 14:09 ` Marek Vasut
2014-02-10 6:15 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
2014-02-12 15:31 ` Heiko Schocher
2014-02-13 20:26 ` Marek Vasut
2014-02-14 5:06 ` Heiko Schocher [this message]
2014-01-25 6:44 ` [U-Boot] [PATCH 3/7] fit: add sha256 support Heiko Schocher
2014-01-26 21:07 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm Heiko Schocher
2014-01-26 21:10 ` Simon Glass
2014-01-27 6:45 ` Heiko Schocher
2014-01-27 17:36 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 5/7] rsa: add sha256,rsa4096 algorithm Heiko Schocher
2014-01-26 21:19 ` Simon Glass
2014-01-27 7:36 ` Heiko Schocher
2014-01-27 17:39 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 6/7] tools, fit: add fit_info host command Heiko Schocher
2014-02-08 14:16 ` Marek Vasut
2014-02-10 6:28 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
2014-01-25 6:44 ` [U-Boot] [PATCH 7/7] tools, fit_check_sign: verify a signed fit image Heiko Schocher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52FDA45A.8000401@denx.de \
--to=hs@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).