Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.
Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com>
---
lib/ecdsa/ecdsa-libcrypto.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 322880963f..1757a14562 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -140,8 +140,20 @@ static int read_key(struct signer *ctx, const char
*key_name)
/* Prepare a 'signer' context that's ready to sign and verify. */
static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
{
- const char *kname = info->keydir;
int key_len_bytes, ret;
+ char kname[1024];
+
+ memset(ctx, 0, sizeof(*ctx));
+
+ if (info->keyfile) {
+ snprintf(kname, sizeof(kname), "%s", info->keyfile);
+ } else if (info->keydir && info->keyname) {
+ snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+ info->keyname);
+ } else {
+ fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
+ return -EINVAL;
+ }
ret = alloc_ctx(ctx, info);
if (ret)
--
2.26.2
