mkimage: Add -c option to specify a comment for key signing

When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
2024-11-25 06:00:43 +00:00 · 2013-06-13 15:10:06 -07:00 · 2013-06-13 15:10:06 -07:00 · 4f61042701
commit 4f61042701
parent 95d77b4479
4 changed files with 16 additions and 3 deletions
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@ -96,6 +96,12 @@ Set XIP (execute in place) flag.
 .P
 .B Create FIT image:

+.TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
 .TP
 .BI "\-D [" "dtc options" "]"
 Provide special options to the device tree compiler that is used to
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)

 	/* set hashes for images in the blob */
 	if (fit_add_verification_data(params->keydir, dest_blob, ptr,
-				      NULL, 0)) {
+				      params->comment, 0)) {
 		fprintf (stderr, "%s Can't add hashes to FIT blob",
-				params->cmdname);
+			 params->cmdname);
 		goto err_add_hashes;
 	}

--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@ -183,6 +183,11 @@ main (int argc, char **argv)
 					genimg_get_arch_id (*++argv)) < 0)
 					usage ();
 				goto NXTARG;
+			case 'c':
+				if (--argc <= 0)
+					usage();
+				params.comment = *++argv;
+				goto NXTARG;
 			case 'C':
 				if ((--argc <= 0) ||
 					(params.comp =
@ -640,9 +645,10 @@ usage ()
 	fprintf(stderr, "          -D => set options for device tree compiler\n"
 			"          -f => input filename for FIT source\n");
 #ifdef CONFIG_FIT_SIGNATURE
-	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n"
 			"          -k => set directory containing private keys\n"
 			"          -K => write public keys to this .dtb file\n"
+			"          -c => add comment in signature node\n"
 			"          -F => re-sign existing FIT image\n");
 #else
 	fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@ -89,6 +89,7 @@ struct mkimage_params {
 	char *cmdname;
 	const char *keydir;	/* Directory holding private keys */
 	const char *keydest;	/* Destination .dtb for public key */
+	const char *comment;	/* Comment to add to signature node */
 };

 /*