Skip to content

FIT signing

In order to do FIT signing for kernel or U-Boot signing following actions/configurations are required

  • Product is created with a configuration which supports FIT image signing.
    • Product operation SignUBoot has been configured
    • Product operation SignKernel has been configured

Product configuration

  1. Create product with needed signing operations.
    1. Check product.

Input data for FIT signing

The input is a binary file.

Example usage with reference client package: FIT signing

FIT signing examples ($TOKEN contains the "regular" user token and $APPROVERTOKEN contains a token for a user that's in the approvers group):

(venv) $ ./signing-tool.py -c -t $TOKEN -a https://app.laavat.io/<CustomerName>/api/v1  add SignUBoot \
    -N test -D test2 -P adcb30d8-f009-438e-b1b2-96f507b306cb --operid 4add90e9-ffb3-4708-9554-ed2e82e8fd71 -F linux-uImage.bin

# Approve the cst signing request
(venv) $ ./signing-tool.py -c -t $APPROVERTOKEN -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning approve \
    -I a83081a6-1d3b-4117-a81b-0ebcfcf0669c

# Get the signed payload
(venv) $./signing-tool.py -c -t $TOKEN -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning get \
    -I a83081a6-1d3b-4117-a81b-0ebcfcf0669c -O /tmp/signed.bin