Hi, I'm trying to generate secure boot keys using native linux tools. I assumed the secureboot format would be documented, but all I found was links to STM32MP_KeyGen.
I can use openssl to generate ECDSA keys, and also get publik keys out. I am at teh point where I can take the private key from STM32MP_KeyGen, and convert it to a public key:
openssl ec -in private-key.pem -pubout -out public-key.pem
However, what I can't figure out is how to get the SHA256 hash of the public key in a way that I can burn in the OTP fuses. openssl hash functions give a different result than the one generated by STM32MP_KeyGen. What is the format that the chip expects?
