summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2013-06-13 15:10:03 -0700
committerTom Rini <trini@ti.com>2013-06-26 10:18:56 -0400
commit80e4df8ac661ada5308f3bffebe4e6fae1f8e990 (patch)
treebb12060490a0747af1db2aa46eeb0532bb790397
parent19c402afa2e1190f596f35a84ac049b10d814f1f (diff)
downloadu-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.zip
u-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.tar.gz
u-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.tar.bz2
mkimage: Add -k option to specify key directory
Keys required for signing images will be in a specific directory. Add a -k option to specify that directory. Also update the mkimage man page with this information and a clearer list of available commands. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
-rw-r--r--doc/mkimage.125
-rw-r--r--tools/fit_image.c2
-rw-r--r--tools/mkimage.c15
-rw-r--r--tools/mkimage.h1
4 files changed, 38 insertions, 5 deletions
diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 39652c8..6740fb1 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -4,7 +4,14 @@
mkimage \- Generate image for U-Boot
.SH SYNOPSIS
.B mkimage
-.RB [\fIoptions\fP]
+.RB "\-l [" "uimage file name" "]"
+
+.B mkimage
+.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
+
+.B mkimage
+.RB [\fIoptions\fP] " (legacy mode)"
+
.SH "DESCRIPTION"
The
.B mkimage
@@ -26,7 +33,8 @@ etc.
The new
.I FIT (Flattened Image Tree) format
allows for more flexibility in handling images of various types and also
-enhances integrity protection of images with stronger checksums.
+enhances integrity protection of images with stronger checksums. It also
+supports verified boot.
.SH "OPTIONS"
@@ -67,6 +75,10 @@ Set load address with a hex number.
Set entry point with a hex number.
.TP
+.BI "\-l"
+List the contents of an image.
+
+.TP
.BI "\-n [" "image name" "]"
Set image name to 'image name'.
@@ -91,6 +103,12 @@ create the image.
Image tree source file that describes the structure and contents of the
FIT image.
+.TP
+.BI "\-k [" "key_directory" "]"
+Specifies the directory containing keys to use for signing. This directory
+should contain a private key file <name>.key for use with signing and a
+certificate <name>.crt (containing the public key) for use with verification.
+
.SH EXAMPLES
List image information:
@@ -115,4 +133,5 @@ http://www.denx.de/wiki/U-Boot/WebHome
.PP
.SH AUTHOR
This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
-and Wolfgang Denk <wd@denx.de>
+and Wolfgang Denk <wd@denx.de>. It was updated for image signing by
+Simon Glass <sjg@chromium.org>.
diff --git a/tools/fit_image.c b/tools/fit_image.c
index ef6ef44..339e0f8 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -137,7 +137,7 @@ static int fit_handle_file (struct mkimage_params *params)
goto err_mmap;
/* set hashes for images in the blob */
- if (fit_add_verification_data(NULL, NULL, ptr, NULL, 0)) {
+ if (fit_add_verification_data(params->keydir, NULL, ptr, NULL, 0)) {
fprintf (stderr, "%s Can't add hashes to FIT blob",
params->cmdname);
goto err_add_hashes;
diff --git a/tools/mkimage.c b/tools/mkimage.c
index e43b09f..def7df2 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -248,6 +248,11 @@ main (int argc, char **argv)
params.datafile = *++argv;
params.fflag = 1;
goto NXTARG;
+ case 'k':
+ if (--argc <= 0)
+ usage();
+ params.keydir = *++argv;
+ goto NXTARG;
case 'n':
if (--argc <= 0)
usage ();
@@ -623,8 +628,16 @@ usage ()
" -d ==> use image data from 'datafile'\n"
" -x ==> set XIP (execute in place)\n",
params.cmdname);
- fprintf (stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n",
+ fprintf(stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n",
params.cmdname);
+ fprintf(stderr, " -D => set options for device tree compiler\n"
+ " -f => input filename for FIT source\n");
+#ifdef CONFIG_FIT_SIGNATURE
+ fprintf(stderr, "Signing / verified boot options: [-k keydir]\n"
+ " -k => set directory containing private keys\n");
+#else
+ fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
+#endif
fprintf (stderr, " %s -V ==> print version information and exit\n",
params.cmdname);
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 03c6c8f..059e124 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -87,6 +87,7 @@ struct mkimage_params {
char *datafile;
char *imagefile;
char *cmdname;
+ const char *keydir; /* Directory holding private keys */
};
/*