| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
|
|
|
| |
Becuase fdt_check_header function takes (const void *)
type argument, the argument should be passed to it
without being casted to (char *).
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
|
| |
|
|
|
|
| |
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
| |
|
|
|
|
|
|
|
| |
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.
Also update the mkimage man page with this information and a clearer list
of available commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
|
| |
|
|
|
|
|
|
| |
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
The fit_handle_file() function is quite long - split out the part that
loads and checks a FIT into its own function. We will use this
function for storing public keys into a destination FDT file.
The error handling is currently a bit repetitive - tidy it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
| |
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
| |
|
|
| |
Signed-off-by: Lars Rasmusson <Lars.Rasmusson@sics.se>
|
| |
|
|
|
|
|
|
|
| |
The FIT fit_set_header() function was copied from the standard uImage's
image_set_header() function during mkimage reorganization. However, the
fit_set_header() function is not used since FIT images use a standard
device tree blob header.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
|
|
|
This is a first step towards reorganizing the mkimage code to make it
easier to add support for additional images types. Current mkimage
code is specific to generating uImage and FIT image files, but the
same framework can be used to generate other image types like
Kirkwood boot images (kwbimage-TBD). For this, the mkimage code gets
reworked:
Here is the brief plan for the same:-
a) Split mkimage code into core and image specific support
b) Implement callback functions for image specific code
c) Move image type specific code to respective C files
Currently there are two types of file generation/list
supported (i.e uImage, FIT), the code is abstracted from
mkimage.c/.h and put in default_image.c and fit_image.c;
all code in these file is static except init function call
d) mkimage_register API is added to add new image type support
All above is addressed in this patch
e) Add kwbimage type support to this new framework (TBD)
This will be implemented in a following commit.
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Edit commit message, fix coding style and typos.
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
