PROCESSOR-SDK-AM62X: PROCESSOR-SDK-AM62X: Reference for the key used to sign fitImage: PART2

Part Number: PROCESSOR-SDK-AM62X
Other Parts Discussed in Thread: AM625

Tool/software:

Base on following your support, I tried to change the signing key:

PROCESSOR-SDK-AM62X: Reference for the key used to sign fitImage

Prashant Shivhare 2 days ago in reply to Koji Hirohashi
TI__Guru 61431 points
Hello,

The keys are present in the U-Boot source code itself:

https://git.ti.com/cgit/ti-u-boot/ti-u-boot/tree/arch/arm/mach-k3/keys

You may replace the keys in this directly with your custom keys to sign the images with the same.

Regards,

Prashant

 
In my using U-Boot, 2023.04, there is no such a directry: arch/arm/mach-k3/keys.
There is the keys in this directry:board/ti/keys, so I changed this directry and built.
I confirmed tiboot3.bin , tispl.bin , u-boot.img could be changed signing key by my method.
But, the key in recipe-sysroot-native/usr/share/ti/ti-k3-secdev/keys for fitImage was not changed.
 
And more, fitImage could be booted even if signed by primary key when KEYREV is 2.
 
1. How to be produced the keys in recipe-sysroot-native/usr/share/ti/ti-k3-secdev/keys?
2. When KEYREV=2, is backup key used to verify fitImage?
 
Best Regards,
Koji