summaryrefslogtreecommitdiff
path: root/doc/mkimage.1
Commit message (Collapse)AuthorAgeLines
* mkimage: Add -r option to specify keys that must be verifiedSimon Glass2013-06-26-0/+6
| | | | | | | | | | | | | | | | | | | | | | Normally, multiple public keys can be provided and U-Boot is not required to use all of them for verification. This is because some images may not be signed, or may be optionally signed. But we still need a mechanism to determine when a key must be used. This feature cannot be implemented in the FIT itself, since anyone could change it to mark a key as optional. The requirement for key verification must go in with the public keys, in a place that is protected from modification. Add a -r option which tells mkimage to mark all keys that it uses for signing as 'required'. If some keys are optional and some are required, run mkimage several times (perhaps with different key directories if some keys are very secret) using the -F flag to update an existing FIT. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -c option to specify a comment for key signingSimon Glass2013-06-26-0/+6
| | | | | | | | | When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -F option to modify an existing .fit fileSimon Glass2013-06-26-0/+20
| | | | | | | | | | | | | When signing images it is sometimes necessary to sign with different keys at different times, or make the signer entirely separate from the FIT creation to avoid needing the private keys to be publicly available in the system. Add a -F option so that key signing can be a separate step, and possibly done multiple times as different keys are avaiable. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -K to write public keys to an FDT blobSimon Glass2013-06-26-0/+16
| | | | | | | | | | | | | | | | FIT image verification requires public keys. Add a convenient option to mkimage to write the public keys to an FDT blob when it uses then for signing an image. This allows us to use: mkimage -f test.its -K dest.dtb -k keys test.fit and have the signatures written to test.fit and the corresponding public keys written to dest.dtb. Then dest.dtb can be used as the control FDT for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the public keys it needs. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -k option to specify key directorySimon Glass2013-06-26-3/+22
| | | | | | | | | | | Keys required for signing images will be in a specific directory. Add a -k option to specify that directory. Also update the mkimage man page with this information and a clearer list of available commands. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
* doc/mkimage.1: Fix -D/-f options formattingHorst Kronstorfer2011-12-23-2/+2
| | | | Signed-off-by: Horst Kronstorfer <hkronsto@frequentis.com>
* doc/mkimage.1: Fix some typosHorst Kronstorfer2011-12-21-6/+6
| | | | | Signed-off-by: Horst Kronstorfer <hkronsto@frequentis.com> Acked-by: Mike Frysinger <vapier@gentoo.org>
* Escape minus signs in manpageLoïc Minier2011-01-19-4/+4
| | | | | | | | | | | By default, "-" chars are interpreted as hyphens (U+2010) by groff, not as minus signs (U+002D). Since options to programs use minus signs (U+002D), this means for example in UTF-8 locales that you cannot cut and paste options, nor search for them easily. (Reported by lintian.) Signed-off-by: Loïc Minier <loic.minier@linaro.org>
* Add mkimage manpageNobuhiro Iwamatsu2010-08-08-0/+118
Some Linux distributions include the "mkimage" as a package. This commit provides a manual page for mkimage. Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Added documentation for FIT images and examples. Moved to doc/ directory. Signed-off-by: Wolfgang Denk <wd@denx.de>