Test script to confirm FIT image build and signature is available. ** Attachment added: "Testing script." https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/1831942/+attachment/5270139/+files/TEST-FIT
** Description changed: [Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image. - [Test Case] run mkimage with no arguments, note that signing is shown as - not enabled. + [Test Case] run mkimage with no arguments, note that FIT images and + signing are shown as disabled. Install the updated version and note + that FIT images and signing are now shown as enabled. Run the attached + TEST-FIT script which will put together a sample image, generate some + keys, and sign the resulting image contents. You will see "kernel.img: + Device Tree Blob version 17,..." if the image is created and you will + see dumpimage output showing it is not yet signed (Sign value: + unavailable). The signatures will then be applied and the image + redumped and you will see it is now signed (Sign value: <hex>). [Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low. There is slightly higher risk in the xenial changes as the enablement has enabled some additional tool builds, but none of those are shipped in the resulting binaries. === We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831942 Title: support u-boot Flat Image Tree (FIT) signing support To manage notifications about this bug go to: https://bugs.launchpad.net/launchpad/+bug/1831942/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
