Hi Pegorer, On Sun, 11 Dec 2022 at 06:54, Pegorer Massimo <massimo.pego...@vimar.com> wrote: > > Hi, > > The patch follows, as per discussion in email thread "Patch proposal > - mkimage: fit: Support signed conf 'auto' FITs". Let me know if you > prefer something to be changed, or patch to be split in several > commits. > > I have updated the man page with description of the new feature and > examples. Also fixed some wrong or misleading information. > > ===
Use: Commit-notes: notes go here END (assuming you are using patman) We don't want the message above to appear in the commit log. > > mkimage: fit: Support signed configurations in 'auto' FITs > > Extend support for signing in auto-generated (-f auto) FIT. Previously, > it was possible to get signed 'images' subnodes in the FIT using > options -g and -o together with -f auto. This patch allows signing > 'configurations' subnodes instead of 'images' ones (which are hashed), > using option -f auto-conf instead of -f auto. Adding also -K <dtb> and > -r options, will add public key to <dtb> file with required = "conf" > property. > > Summary: > -f auto => FIT with crc32 images > -f auto -g ... -o ... => FIT with signed images > -f auto-conf -g ... -o ... => FIT with sha1 images and signed confs > > Example: FIT with kernel, two device tree files, and signed > configurations; public key (needed to verify signatures) is > added to u-boot.dtb with required = "conf" property. > > mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \ > -e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \ > -k /folder/with/key-files -g keyname -o sha256,rsa4096 \ > -K u-boot.dtb -r kernel.itb > > Example: Add public key with required = "conf" property to u-boot.dtb > without needing to sign anything. This will also create a useless FIT > named unused.itb. > > mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \ > -g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb > > Signed-off-by: Massimo Pegorer <massimo.pego...@vimar.com> > --- > doc/mkimage.1 | 119 ++++++++++++++++++++++++++++++++-------------- > tools/fit_image.c | 75 +++++++++++++++++++---------- > tools/imagetool.h | 10 +++- > tools/mkimage.c | 23 +++++++-- > 4 files changed, 160 insertions(+), 67 deletions(-) Looks good, but it does need a test, please. See test/py/tests/fit.py for an example https://u-boot.readthedocs.io/en/latest/develop/py_testing.html Regards, Simon
