FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.
Also update the mkimage man page with this information and a clearer list
of available commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
The fit_handle_file() function is quite long - split out the part that
loads and checks a FIT into its own function. We will use this
function for storing public keys into a destination FDT file.
The error handling is currently a bit repetitive - tidy it.
Signed-off-by: Simon Glass <sjg@chromium.org>
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The FIT fit_set_header() function was copied from the standard uImage's
image_set_header() function during mkimage reorganization. However, the
fit_set_header() function is not used since FIT images use a standard
device tree blob header.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
This is a first step towards reorganizing the mkimage code to make it
easier to add support for additional images types. Current mkimage
code is specific to generating uImage and FIT image files, but the
same framework can be used to generate other image types like
Kirkwood boot images (kwbimage-TBD). For this, the mkimage code gets
reworked:
Here is the brief plan for the same:-
a) Split mkimage code into core and image specific support
b) Implement callback functions for image specific code
c) Move image type specific code to respective C files
Currently there are two types of file generation/list
supported (i.e uImage, FIT), the code is abstracted from
mkimage.c/.h and put in default_image.c and fit_image.c;
all code in these file is static except init function call
d) mkimage_register API is added to add new image type support
All above is addressed in this patch
e) Add kwbimage type support to this new framework (TBD)
This will be implemented in a following commit.
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Edit commit message, fix coding style and typos.
Signed-off-by: Wolfgang Denk <wd@denx.de>
