summaryrefslogtreecommitdiffstats
path: root/tools/fit_image.c
Commit message (Collapse)AuthorAgeFilesLines
* mkimage: Add -r option to specify keys that must be verifiedSimon Glass2013-06-261-4/+5
| | | | | | | | | | | | | | | | | | | | | | Normally, multiple public keys can be provided and U-Boot is not required to use all of them for verification. This is because some images may not be signed, or may be optionally signed. But we still need a mechanism to determine when a key must be used. This feature cannot be implemented in the FIT itself, since anyone could change it to mark a key as optional. The requirement for key verification must go in with the public keys, in a place that is protected from modification. Add a -r option which tells mkimage to mark all keys that it uses for signing as 'required'. If some keys are optional and some are required, run mkimage several times (perhaps with different key directories if some keys are very secret) using the -F flag to update an existing FIT. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -c option to specify a comment for key signingSimon Glass2013-06-261-2/+2
| | | | | | | | | When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -F option to modify an existing .fit fileSimon Glass2013-06-261-6/+12
| | | | | | | | | | | | | When signing images it is sometimes necessary to sign with different keys at different times, or make the signer entirely separate from the FIT creation to avoid needing the private keys to be publicly available in the system. Add a -F option so that key signing can be a separate step, and possibly done multiple times as different keys are avaiable. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -K to write public keys to an FDT blobSimon Glass2013-06-261-2/+19
| | | | | | | | | | | | | | | | FIT image verification requires public keys. Add a convenient option to mkimage to write the public keys to an FDT blob when it uses then for signing an image. This allows us to use: mkimage -f test.its -K dest.dtb -k keys test.fit and have the signatures written to test.fit and the corresponding public keys written to dest.dtb. Then dest.dtb can be used as the control FDT for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the public keys it needs. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -k option to specify key directorySimon Glass2013-06-261-1/+1
| | | | | | | | | | | Keys required for signing images will be in a specific directory. Add a -k option to specify that directory. Also update the mkimage man page with this information and a clearer list of available commands. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
* image: Support signing of imagesSimon Glass2013-06-261-1/+1
| | | | | | | | Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
* mkimage: Put FIT loading in function and tidy error handlingSimon Glass2013-05-141-39/+57
| | | | | | | | | | The fit_handle_file() function is quite long - split out the part that loads and checks a FIT into its own function. We will use this function for storing public keys into a destination FDT file. The error handling is currently a bit repetitive - tidy it. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Rename fit_add_hashes() to fit_add_verification_data()Simon Glass2013-05-141-1/+1
| | | | | | | | | We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* Correct comment to show the parameters as defined in tools/mkimage.hLars Rasmusson2012-12-111-1/+1
| | | | Signed-off-by: Lars Rasmusson <Lars.Rasmusson@sics.se>
* tools/fit_image.c: Remove unused fit_set_header()Peter Tyser2009-12-051-33/+1
| | | | | | | | | The FIT fit_set_header() function was copied from the standard uImage's image_set_header() function during mkimage reorganization. However, the fit_set_header() function is not used since FIT images use a standard device tree blob header. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
* tools: mkimage: split code into core, default and FIT image specificPrafulla Wadaskar2009-09-101-0/+212
This is a first step towards reorganizing the mkimage code to make it easier to add support for additional images types. Current mkimage code is specific to generating uImage and FIT image files, but the same framework can be used to generate other image types like Kirkwood boot images (kwbimage-TBD). For this, the mkimage code gets reworked: Here is the brief plan for the same:- a) Split mkimage code into core and image specific support b) Implement callback functions for image specific code c) Move image type specific code to respective C files Currently there are two types of file generation/list supported (i.e uImage, FIT), the code is abstracted from mkimage.c/.h and put in default_image.c and fit_image.c; all code in these file is static except init function call d) mkimage_register API is added to add new image type support All above is addressed in this patch e) Add kwbimage type support to this new framework (TBD) This will be implemented in a following commit. Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com> Edit commit message, fix coding style and typos. Signed-off-by: Wolfgang Denk <wd@denx.de>
OpenPOWER on IntegriCloud