Patchwork [U-Boot,RFC,36/44] mkimage: Add -k option to specify key directory

login
register
mail settings
Submitter Simon Glass
Date Jan. 5, 2013, 1:52 a.m.
Message ID <1357350734-13737-37-git-send-email-sjg@chromium.org>
Download mbox | patch
Permalink /patch/209636/
State Superseded, archived
Headers show

Comments

Simon Glass - Jan. 5, 2013, 1:52 a.m.
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass <sjg@chromium.org>
---
 doc/mkimage.1     |   25 ++++++++++++++++++++++---
 tools/fit_image.c |    2 +-
 tools/mkimage.c   |    9 +++++++--
 tools/mkimage.h   |    1 +
 4 files changed, 31 insertions(+), 6 deletions(-)
Marek Vasut - Jan. 5, 2013, 8:24 a.m.
Dear Simon Glass,

> Keys required for signing images will be in a specific directory. Add a
> -k option to specify that directory.
> 
> Also update the mkimage man page with this information and a clearer list
> of available commands.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Reviewed-by: Marek Vasut <marex@denx.de>

Best regards,
Marek Vasut

Patch

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 39652c8..6740fb1 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -4,7 +4,14 @@ 
 mkimage \- Generate image for U-Boot
 .SH SYNOPSIS
 .B mkimage
-.RB [\fIoptions\fP]
+.RB "\-l [" "uimage file name" "]"
+
+.B mkimage
+.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
+
+.B mkimage
+.RB [\fIoptions\fP] " (legacy mode)"
+
 .SH "DESCRIPTION"
 The
 .B mkimage
@@ -26,7 +33,8 @@  etc.
 The new
 .I FIT (Flattened Image Tree) format
 allows for more flexibility in handling images of various types and also
-enhances integrity protection of images with stronger checksums.
+enhances integrity protection of images with stronger checksums. It also
+supports verified boot.
 
 .SH "OPTIONS"
 
@@ -67,6 +75,10 @@  Set load address with a hex number.
 Set entry point with a hex number.
 
 .TP
+.BI "\-l"
+List the contents of an image.
+
+.TP
 .BI "\-n [" "image name" "]"
 Set image name to 'image name'.
 
@@ -91,6 +103,12 @@  create the image.
 Image tree source file that describes the structure and contents of the
 FIT image.
 
+.TP
+.BI "\-k [" "key_directory" "]"
+Specifies the directory containing keys to use for signing. This directory
+should contain a private key file <name>.key for use with signing and a
+certificate <name>.crt (containing the public key) for use with verification.
+
 .SH EXAMPLES
 
 List image information:
@@ -115,4 +133,5 @@  http://www.denx.de/wiki/U-Boot/WebHome
 .PP
 .SH AUTHOR
 This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
-and Wolfgang Denk <wd@denx.de>
+and Wolfgang Denk <wd@denx.de>. It was updated for image signing by
+Simon Glass <sjg@chromium.org>.
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 0f619a2..5d04f96 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -137,7 +137,7 @@  static int fit_handle_file (struct mkimage_params *params)
 		goto err_mmap;
 
 	/* set hashes for images in the blob */
-	if (fit_add_verification_data(NULL, NULL, ptr, NULL, 0)) {
+	if (fit_add_verification_data(params->keydir, NULL, ptr, NULL, 0)) {
 		fprintf (stderr, "%s Can't add hashes to FIT blob",
 				params->cmdname);
 		goto err_add_hashes;
diff --git a/tools/mkimage.c b/tools/mkimage.c
index e43b09f..0eae136 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -248,6 +248,11 @@  main (int argc, char **argv)
 				params.datafile = *++argv;
 				params.fflag = 1;
 				goto NXTARG;
+			case 'k':
+				if (--argc <= 0)
+					usage();
+				params.keydir = *++argv;
+				goto NXTARG;
 			case 'n':
 				if (--argc <= 0)
 					usage ();
@@ -623,8 +628,8 @@  usage ()
 			 "          -d ==> use image data from 'datafile'\n"
 			 "          -x ==> set XIP (execute in place)\n",
 		params.cmdname);
-	fprintf (stderr, "       %s [-D dtc_options] -f fit-image.its fit-image\n",
-		params.cmdname);
+	fprintf(stderr, "       %s [-k keydir] [-D dtc_options]"
+			" -f fit-image.its fit-image\n", params.cmdname);
 	fprintf (stderr, "       %s -V ==> print version information and exit\n",
 		params.cmdname);
 
diff --git a/tools/mkimage.h b/tools/mkimage.h
index e07a615..2a5f115 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -75,6 +75,7 @@  struct mkimage_params {
 	char *datafile;
 	char *imagefile;
 	char *cmdname;
+	const char *keydir;	/* Directory holding private keys */
 };
 
 /*