mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Sascha Hauer <s.hauer@pengutronix.de>
To: Maik Otto <m.otto@phytec.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH v4 1/5] i.mx6: signed boot: add habv4-imx6-gencsf.h to the flash header of the PHYTEC boards
Date: Tue, 12 Nov 2019 12:51:30 +0100	[thread overview]
Message-ID: <20191112115130.iass34olxahhbd5s@pengutronix.de> (raw)
In-Reply-To: <1566397308-450229-1-git-send-email-m.otto@phytec.de>

Hi Maik,

On Wed, Aug 21, 2019 at 04:21:44PM +0200, Maik Otto wrote:
> the habv4-imx6-gencsf.h is necessary in the board flash header to build
> a signed barebox

Applied now. Please note that in the meantime it is no longer necessary
to put the public key for the FIT image into the device tree source
file. We can now specify the path to the key (or alternatively, a
PKCS#11 URI) in Kconfig using the CONFIG_CRYPTO_RSA_KEY option:

9341918ba8 fit-image: Use compiled-in keys
b39100bcea rsa: Allow to directly compile in rsa public keys

What I missed to mention explicitly is that CONFIG_CRYPTO_RSA_KEY can
be specified as "__ENV__FOOBAR". When done like this the path (or
PKCS#11 URI) is taken from the environment variable FOOBAR. This is
done to help build systems which then no longer have to patch the
CONFIG_CRYPTO_RSA_KEY option in the barebox config file.

You might want to give it a try, it could simplify your workflow with
the keys.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

  parent reply	other threads:[~2019-11-12 11:51 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-21 14:21 Maik Otto
2019-08-21 14:21 ` [PATCH v4 2/5] imx6: added fit image signature to the devicetree for " Maik Otto
2019-08-21 14:21 ` [PATCH v4 3/5] Kconfig: add selection for creation of signed/encrypted HABV4 images Maik Otto
2019-08-21 14:21 ` [PATCH v4 4/5] Makefile.imx: add build_imx_habv4img for creation of signed/encrypted images Maik Otto
2019-08-21 14:21 ` [PATCH v4 5/5] Makefile.imx: change image creation to build_imx_habv4img for i.MX6 Maik Otto
2019-08-23  8:57 ` [PATCH v4 1/5] i.mx6: signed boot: add habv4-imx6-gencsf.h to the flash header of the PHYTEC boards Sascha Hauer
2019-11-12 11:51 ` Sascha Hauer [this message]
2019-11-13  9:21   ` Maik Otto

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191112115130.iass34olxahhbd5s@pengutronix.de \
    --to=s.hauer@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=m.otto@phytec.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox