V3s_Allwinner
/
uboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

mkimage: Add -c option to specify a comment for key signing 

When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
This commit is contained in:
Simon Glass 2013-06-13 15:10:06 -07:00 committed by Tom Rini
parent 95d77b4479
commit 4f61042701
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/mkimage.1
View File

@ -96,6 +96,12 @@ Set XIP (execute in place) flag.
.P .P
.B Create FIT image: .B Create FIT image:
.TP
.BI "\-c [" "comment" "]"
Specifies a comment to be added when signing. This is typically a useful
message which describes how the image was signed or some other useful
information.
.TP .TP
.BI "\-D [" "dtc options" "]" .BI "\-D [" "dtc options" "]"
Provide special options to the device tree compiler that is used to Provide special options to the device tree compiler that is used to

2
tools/fit_image.c
View File

@ -153,7 +153,7 @@ static int fit_handle_file (struct mkimage_params *params)
/* set hashes for images in the blob */ /* set hashes for images in the blob */
if (fit_add_verification_data(params->keydir, dest_blob, ptr, if (fit_add_verification_data(params->keydir, dest_blob, ptr,
NULL, 0)) { params->comment, 0)) {
fprintf (stderr, "%s Can't add hashes to FIT blob", fprintf (stderr, "%s Can't add hashes to FIT blob",
params->cmdname); params->cmdname);
goto err_add_hashes; goto err_add_hashes;

8
tools/mkimage.c
View File

@ -183,6 +183,11 @@ main (int argc, char **argv)
genimg_get_arch_id (*++argv)) < 0) genimg_get_arch_id (*++argv)) < 0)
usage (); usage ();
goto NXTARG; goto NXTARG;
case 'c':
if (--argc <= 0)
usage();
params.comment = *++argv;
goto NXTARG;
case 'C': case 'C':
if ((--argc <= 0) || if ((--argc <= 0) ||
(params.comp = (params.comp =
@ -640,9 +645,10 @@ usage ()
fprintf(stderr, " -D => set options for device tree compiler\n" fprintf(stderr, " -D => set options for device tree compiler\n"
" -f => input filename for FIT source\n"); " -f => input filename for FIT source\n");
#ifdef CONFIG_FIT_SIGNATURE #ifdef CONFIG_FIT_SIGNATURE
fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n" fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n"
" -k => set directory containing private keys\n" " -k => set directory containing private keys\n"
" -K => write public keys to this .dtb file\n" " -K => write public keys to this .dtb file\n"
" -c => add comment in signature node\n"
" -F => re-sign existing FIT image\n"); " -F => re-sign existing FIT image\n");
#else #else
fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");

1
tools/mkimage.h
View File

@ -89,6 +89,7 @@ struct mkimage_params {
char *cmdname; char *cmdname;
const char *keydir; /* Directory holding private keys */ const char *keydir; /* Directory holding private keys */
const char *keydest; /* Destination .dtb for public key */ const char *keydest; /* Destination .dtb for public key */
const char *comment; /* Comment to add to signature node */
}; };
/* /*