diff options
author | Simon Glass <sjg@chromium.org> | 2013-06-13 15:10:03 -0700 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2013-06-26 10:18:56 -0400 |
commit | 80e4df8ac661ada5308f3bffebe4e6fae1f8e990 (patch) | |
tree | bb12060490a0747af1db2aa46eeb0532bb790397 | |
parent | 19c402afa2e1190f596f35a84ac049b10d814f1f (diff) | |
download | u-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.zip u-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.tar.gz u-boot-imx-80e4df8ac661ada5308f3bffebe4e6fae1f8e990.tar.bz2 |
mkimage: Add -k option to specify key directory
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.
Also update the mkimage man page with this information and a clearer list
of available commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
-rw-r--r-- | doc/mkimage.1 | 25 | ||||
-rw-r--r-- | tools/fit_image.c | 2 | ||||
-rw-r--r-- | tools/mkimage.c | 15 | ||||
-rw-r--r-- | tools/mkimage.h | 1 |
4 files changed, 38 insertions, 5 deletions
diff --git a/doc/mkimage.1 b/doc/mkimage.1 index 39652c8..6740fb1 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -4,7 +4,14 @@ mkimage \- Generate image for U-Boot .SH SYNOPSIS .B mkimage -.RB [\fIoptions\fP] +.RB "\-l [" "uimage file name" "]" + +.B mkimage +.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]" + +.B mkimage +.RB [\fIoptions\fP] " (legacy mode)" + .SH "DESCRIPTION" The .B mkimage @@ -26,7 +33,8 @@ etc. The new .I FIT (Flattened Image Tree) format allows for more flexibility in handling images of various types and also -enhances integrity protection of images with stronger checksums. +enhances integrity protection of images with stronger checksums. It also +supports verified boot. .SH "OPTIONS" @@ -67,6 +75,10 @@ Set load address with a hex number. Set entry point with a hex number. .TP +.BI "\-l" +List the contents of an image. + +.TP .BI "\-n [" "image name" "]" Set image name to 'image name'. @@ -91,6 +103,12 @@ create the image. Image tree source file that describes the structure and contents of the FIT image. +.TP +.BI "\-k [" "key_directory" "]" +Specifies the directory containing keys to use for signing. This directory +should contain a private key file <name>.key for use with signing and a +certificate <name>.crt (containing the public key) for use with verification. + .SH EXAMPLES List image information: @@ -115,4 +133,5 @@ http://www.denx.de/wiki/U-Boot/WebHome .PP .SH AUTHOR This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org> -and Wolfgang Denk <wd@denx.de> +and Wolfgang Denk <wd@denx.de>. It was updated for image signing by +Simon Glass <sjg@chromium.org>. diff --git a/tools/fit_image.c b/tools/fit_image.c index ef6ef44..339e0f8 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -137,7 +137,7 @@ static int fit_handle_file (struct mkimage_params *params) goto err_mmap; /* set hashes for images in the blob */ - if (fit_add_verification_data(NULL, NULL, ptr, NULL, 0)) { + if (fit_add_verification_data(params->keydir, NULL, ptr, NULL, 0)) { fprintf (stderr, "%s Can't add hashes to FIT blob", params->cmdname); goto err_add_hashes; diff --git a/tools/mkimage.c b/tools/mkimage.c index e43b09f..def7df2 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -248,6 +248,11 @@ main (int argc, char **argv) params.datafile = *++argv; params.fflag = 1; goto NXTARG; + case 'k': + if (--argc <= 0) + usage(); + params.keydir = *++argv; + goto NXTARG; case 'n': if (--argc <= 0) usage (); @@ -623,8 +628,16 @@ usage () " -d ==> use image data from 'datafile'\n" " -x ==> set XIP (execute in place)\n", params.cmdname); - fprintf (stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n", + fprintf(stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n", params.cmdname); + fprintf(stderr, " -D => set options for device tree compiler\n" + " -f => input filename for FIT source\n"); +#ifdef CONFIG_FIT_SIGNATURE + fprintf(stderr, "Signing / verified boot options: [-k keydir]\n" + " -k => set directory containing private keys\n"); +#else + fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); +#endif fprintf (stderr, " %s -V ==> print version information and exit\n", params.cmdname); diff --git a/tools/mkimage.h b/tools/mkimage.h index 03c6c8f..059e124 100644 --- a/tools/mkimage.h +++ b/tools/mkimage.h @@ -87,6 +87,7 @@ struct mkimage_params { char *datafile; char *imagefile; char *cmdname; + const char *keydir; /* Directory holding private keys */ }; /* |