It is possible to protect your PEM file with AES encryption and a password, with something like:
openssl ec -in keys.pem -out keys_encrypted.pem -aes256
but picotool does not have a mechanism for requesting the password and decrypting the file when the firmware is being signed:
ERROR: Failed to read key file /some/path/keys_encrypted.pem, error PK - Private key password can't be empty
It might be worth adding this level of protection. What do you think?
It is possible to protect your PEM file with AES encryption and a password, with something like:
but picotool does not have a mechanism for requesting the password and decrypting the file when the firmware is being signed:
It might be worth adding this level of protection. What do you think?