To sign an image, you must first generate a Public Key Infrastructure (PKI).
Digi Embedded Yocto automatically generates one if not provided. This topic explains how to manually generate a PKI tree for the ConnectCore MP15.
Generate a Public Key Infrastructure (PKI) tree
-
Install an SDK to have access to the signing tools. See Install a pre-compiled toolchain for instructions.
-
Create a folder to hold the keys and export variable
CONFIG_SIGN_KEYS_PATH
with its path, for instance:$ export CONFIG_SIGN_KEYS_PATH="/home/username/my-pki" $ cd ${CONFIG_SIGN_KEYS_PATH}
-
Generate the PKI tree with:
$ trustfence-sign-artifact.sh -p ccmp15
This generates a subdirectory
keys/
with:-
fit/fitcfg.crt
: public key for FIT configuration nodes -
fit/fitcfg.key
: private key for FIT configuration nodes -
fit/fitimg.crt
: public key for FIT image nodes -
fit/fitimg.key
: private key for FIT image nodes -
keys/key_pass.txt
: the randomly generated password in plain text -
keys/privateKey.pem
: the private key -
keys/publicKey.pem
: the public key -
keys/publicKeyhash.bin
: hash of the ECC public key
-
-
Add this line to your
conf/local.conf
file to use the generated keys:TRUSTFENCE_SIGN_KEYS_PATH = "/home/username/my-pki"