git.dujemihanovic.xyz Git - u-boot.git/commit

author	Sean Anderson <sean.anderson@seco.com>
	Mon, 16 May 2022 20:11:08 +0000 (16:11 -0400)
committer	Tom Rini <trini@konsulko.com>
	Mon, 6 Jun 2022 22:01:20 +0000 (18:01 -0400)
commit	87b0af9317cb4105f3f29cb0a4c28c7cd87ea65f
tree	34dbf5df7e5c357a8ba32c0ab3c10310c7a6f5b8	tree \| snapshot
parent	5920e5c838d1b6647878e51c0b9b8c9e4eaf1928	commit \| diff

mkimage: Support signing 'auto' FITs

This adds support for signing images in auto-generated FITs. To do this,
we need to add a signature node. The algorithm name property already has
its own option, but we need one for the key name hint. We could have
gone the -G route and added an explicit name for the public key (like
what is done for the private key). However, many places assume the
public key can be constructed from the key dir and hint, and I don't
want to do the refactoring necessary.

As a consequence of this, it is now easier to add public keys to an
existing image without signing something. This could be done all along,
but now you don't have to create an its just to do it. Ideally, we
wouldn't create a FIT at the end. This could be done by calling
fit_image_setup_sig/info.crypto->add_verify_data directly.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>

doc/mkimage.1		diff \| blob \| history
tools/fit_image.c		diff \| blob \| history
tools/imagetool.h		diff \| blob \| history
tools/mkimage.c		diff \| blob \| history