From: Maik Otto <m.otto@phytec.de>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH v4 1/5] i.mx6: signed boot: add habv4-imx6-gencsf.h to the flash header of the PHYTEC boards
Date: Wed, 13 Nov 2019 10:21:38 +0100 [thread overview]
Message-ID: <44ecff7e-fd3f-849e-a51c-98d526845054@phytec.de> (raw)
In-Reply-To: <20191112115130.iass34olxahhbd5s@pengutronix.de>
Hi Sascha,
thank you for your response and the information about the key handling
for the FIT image.
i will be try it.
Best regards
Maik
Am 12.11.2019 um 12:51 schrieb Sascha Hauer:
> Hi Maik,
>
> On Wed, Aug 21, 2019 at 04:21:44PM +0200, Maik Otto wrote:
>> the habv4-imx6-gencsf.h is necessary in the board flash header to build
>> a signed barebox
> Applied now. Please note that in the meantime it is no longer necessary
> to put the public key for the FIT image into the device tree source
> file. We can now specify the path to the key (or alternatively, a
> PKCS#11 URI) in Kconfig using the CONFIG_CRYPTO_RSA_KEY option:
>
> 9341918ba8 fit-image: Use compiled-in keys
> b39100bcea rsa: Allow to directly compile in rsa public keys
>
> What I missed to mention explicitly is that CONFIG_CRYPTO_RSA_KEY can
> be specified as "__ENV__FOOBAR". When done like this the path (or
> PKCS#11 URI) is taken from the environment variable FOOBAR. This is
> done to help build systems which then no longer have to patch the
> CONFIG_CRYPTO_RSA_KEY option in the barebox config file.
>
> You might want to give it a try, it could simplify your workflow with
> the keys.
>
> Sascha
>
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
prev parent reply other threads:[~2019-11-13 9:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-21 14:21 Maik Otto
2019-08-21 14:21 ` [PATCH v4 2/5] imx6: added fit image signature to the devicetree for " Maik Otto
2019-08-21 14:21 ` [PATCH v4 3/5] Kconfig: add selection for creation of signed/encrypted HABV4 images Maik Otto
2019-08-21 14:21 ` [PATCH v4 4/5] Makefile.imx: add build_imx_habv4img for creation of signed/encrypted images Maik Otto
2019-08-21 14:21 ` [PATCH v4 5/5] Makefile.imx: change image creation to build_imx_habv4img for i.MX6 Maik Otto
2019-08-23 8:57 ` [PATCH v4 1/5] i.mx6: signed boot: add habv4-imx6-gencsf.h to the flash header of the PHYTEC boards Sascha Hauer
2019-11-12 11:51 ` Sascha Hauer
2019-11-13 9:21 ` Maik Otto [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44ecff7e-fd3f-849e-a51c-98d526845054@phytec.de \
--to=m.otto@phytec.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox