git.dujemihanovic.xyz Git - u-boot.git/commit

author	Alexander Dahl <ada@thorsis.com>
	Thu, 20 Jun 2024 14:20:59 +0000 (16:20 +0200)
committer	Tom Rini <trini@konsulko.com>
	Fri, 5 Jul 2024 19:57:01 +0000 (13:57 -0600)
commit	6074f6e85783f582e8524778fff170ff05b35a91
tree	a7962882020348dfc83d42d122d119907c14c507	tree \| snapshot
parent	d36394cff8cee764aea75860ceac4655f7f3e944	commit \| diff

mkimage: Allow 'auto-conf' signing of scripts

U-Boot configured for verified boot with the "required" option set to
"conf" also checks scripts put in FIT images for a valid signature, and
refuses to source and run such a script if the signature for the
configuration is bad or missing.  Such a script could not be packaged
before, because mkimage failed like this:

    % tools/mkimage -T script -C none -d tmp/my.scr -f auto-conf -k tmp -g dev -o sha256,rsa4096 my.uimg
    Failed to find any images for configuration 'conf-1/signature'
    tools/mkimage Can't add hashes to FIT blob: -1
    Error: Bad parameters for FIT image type

This is especially unfortunate if LEGACY_IMAGE_FORMAT is disabled as
recommended.

Listing the script configuration in a "sign-images" subnode instead,
would have added even more complexity to the already complex auto fit
generation code.

Signed-off-by: Alexander Dahl <ada@thorsis.com>