iot2050: Use binman in signing script

The underlying issue was fixed in the meantime. Also signing the U-Boot
proper fit image now works. Just supporting custom cert templates
remains a todo.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

diff --git a/tools/iot2050-sign-fw.sh b/tools/iot2050-sign-fw.sh
index 4d1d794..3f953c0 100755 (executable)
--- a/tools/iot2050-sign-fw.sh
+++ b/tools/iot2050-sign-fw.sh
@@ -39,13 +39,8 @@ CERT_X509=$(mktemp XXXXXXXX.crt)
 
 openssl req -new -x509 -key $1 -nodes -outform DER -out $CERT_X509 -config $TEMP_X509 -sha512
 cat $CERT_X509 tispl.bin > tispl.bin_signed
-# currently broken in upstream
-#source/tools/binman/binman replace -i flash.bin -f tispl.bin_signed blob@0x180000
-dd if=tispl.bin_signed of=flash.bin bs=$((0x1000)) seek=$((0x180000/0x1000)) conv=notrunc
+source/tools/binman/binman replace -i flash.bin -f tispl.bin_signed fit@0x180000
 
 rm $TEMP_X509 $CERT_X509
 
-tools/mkimage -G $1 -r -o sha256,rsa4096 -F fit@0x380000.fit
-# currently broken in upstream
-#source/tools/binman/binman replace -i flash.bin -f fit@0x380000.fit fit@0x380000
-dd if=fit@0x380000.fit of=flash.bin bs=$((0x1000)) seek=$((0x380000/0x1000)) conv=notrunc
+source/tools/binman/binman sign -i flash.bin -k $1 -a sha256,rsa4096 fit@0x380000