From 4f6104270146c76fcaf46e951f84cdc1612a04b7 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Thu, 13 Jun 2013 15:10:06 -0700 Subject: mkimage: Add -c option to specify a comment for key signing When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements. Signed-off-by: Simon Glass Reviewed-by: Marek Vasut --- doc/mkimage.1 | 6 ++++++ tools/fit_image.c | 4 ++-- tools/mkimage.c | 8 +++++++- tools/mkimage.h | 1 + 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/doc/mkimage.1 b/doc/mkimage.1 index f9c733a5e6..b67a35178a 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -96,6 +96,12 @@ Set XIP (execute in place) flag. .P .B Create FIT image: +.TP +.BI "\-c [" "comment" "]" +Specifies a comment to be added when signing. This is typically a useful +message which describes how the image was signed or some other useful +information. + .TP .BI "\-D [" "dtc options" "]" Provide special options to the device tree compiler that is used to diff --git a/tools/fit_image.c b/tools/fit_image.c index 645e93c346..d48f571b0f 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params) /* set hashes for images in the blob */ if (fit_add_verification_data(params->keydir, dest_blob, ptr, - NULL, 0)) { + params->comment, 0)) { fprintf (stderr, "%s Can't add hashes to FIT blob", - params->cmdname); + params->cmdname); goto err_add_hashes; } diff --git a/tools/mkimage.c b/tools/mkimage.c index e2b82d0c5c..b3b45a47a3 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -183,6 +183,11 @@ main (int argc, char **argv) genimg_get_arch_id (*++argv)) < 0) usage (); goto NXTARG; + case 'c': + if (--argc <= 0) + usage(); + params.comment = *++argv; + goto NXTARG; case 'C': if ((--argc <= 0) || (params.comp = @@ -640,9 +645,10 @@ usage () fprintf(stderr, " -D => set options for device tree compiler\n" " -f => input filename for FIT source\n"); #ifdef CONFIG_FIT_SIGNATURE - fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n" + fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c ]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" + " -c => add comment in signature node\n" " -F => re-sign existing FIT image\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); diff --git a/tools/mkimage.h b/tools/mkimage.h index 63b9b4f8be..ab8baf8f05 100644 --- a/tools/mkimage.h +++ b/tools/mkimage.h @@ -89,6 +89,7 @@ struct mkimage_params { char *cmdname; const char *keydir; /* Directory holding private keys */ const char *keydest; /* Destination .dtb for public key */ + const char *comment; /* Comment to add to signature node */ }; /* -- cgit v1.2.1