From patchwork Mon Mar 18 23:51:57 2013
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 228870
X-Patchwork-Delegate: trini@ti.com
From: Simon Glass
To: U-Boot Mailing List
Date: Mon, 18 Mar 2013 16:51:57 -0700
Message-Id: <1363650725-30459-38-git-send-email-sjg@chromium.org>
X-Mailer: git-send-email 1.8.1.3
In-Reply-To: <1363650725-30459-1-git-send-email-sjg@chromium.org>
References: <1363650725-30459-1-git-send-email-sjg@chromium.org>
Cc: Joel A Fernandes, Will Drewry, Joe Hershberger, u-boot-review@google.com, Bill Richardson, Randall Spangler, Tom Rini, Vadim Bendebury, Andreas Bäck, Kees Cook
Subject: [U-Boot] [PATCH v2 37/45] mkimage: Add -F option to modify an existing .fit file

When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in the
system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are available.

Signed-off-by: Simon Glass
Reviewed-by: Marek Vasut
---
Changes in v2:
- Adjust mkimage help to separate out signing options
- Fix checkpatch checks about parenthesis alignment
- Rebase on previous patches

 doc/mkimage.1     | 20 ++++++++++++++++++++
 tools/fit_image.c | 18 ++++++++++++------
 tools/mkimage.c   |  9 ++++++---
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 8185ff5..f9c733a 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -10,6 +10,9 @@ mkimage \- Generate image for U-Boot .RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]" .B mkimage +.RB [\fIoptions\fP] " \-F [" "uimage file name" "]" + +.B mkimage .RB [\fIoptions\fP] " (legacy mode)" .SH "DESCRIPTION" @@ -104,6 +107,13 @@ Image tree source file that describes the structure and contents of the FIT image. .TP +.BI "\-F" +Indicates that an existing FIT image should be modified. No dtc +compilation is performed and the -f flag should not be given. +This can be used to sign images with additional keys after initial image +creation. + +.TP .BI "\-k [" "key_directory" "]" Specifies the directory containing keys to use for signing. This directory should contain a private key file .key for use with signing and a @@ -144,6 +154,16 @@ skipping those for which keys cannot be found. Also add a comment. -c "Kernel 3.8 image for production devices" kernel.itb .fi +.P +Update an existing FIT image, signing it with additional keys. +Add corresponding public keys into u-boot.dtb. This will resign all images +with keys that are available in the new directory. Images that request signing +with unavailable keys are skipped. +.nf +.B mkimage -F -k /secret/signing-keys -K u-boot.dtb \\\\ +-c "Kernel 3.8 image for production devices" kernel.itb +.fi + .SH HOMEPAGE http://www.denx.de/wiki/U-Boot/WebHome .PP diff --git a/tools/fit_image.c b/tools/fit_image.c index b17fa2d..645e93c 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c 
@@ -124,10 +124,16 @@ static int fit_handle_file (struct mkimage_params *params) } sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX); - /* dtc -I dts -O dtb -p 500 datafile > tmpfile */ - sprintf (cmd, "%s %s %s > %s", - MKIMAGE_DTC, params->dtc, params->datafile, tmpfile); - debug ("Trying to execute \"%s\"\n", cmd); + /* We either compile the source file, or use the existing FIT image */ + if (params->datafile) { + /* dtc -I dts -O dtb -p 500 datafile > tmpfile */ + snprintf(cmd, sizeof(cmd), "%s %s %s > %s", + MKIMAGE_DTC, params->dtc, params->datafile, tmpfile); + debug("Trying to execute \"%s\"\n", cmd); + } else { + snprintf(cmd, sizeof(cmd), "cp %s %s", + params->imagefile, tmpfile); + } if (system (cmd) == -1) { fprintf (stderr, "%s: system(%s) failed: %s\n", params->cmdname, cmd, strerror(errno)); @@ -153,8 +159,8 @@ static int fit_handle_file (struct mkimage_params *params) goto err_add_hashes; } - /* add a timestamp at offset 0 i.e., root */ - if (fit_set_timestamp (ptr, 0, sbuf.st_mtime)) { + /* for first image creation, add a timestamp at offset 0 i.e., root */ + if (params->datafile && fit_set_timestamp(ptr, 0, sbuf.st_mtime)) { fprintf (stderr, "%s: Can't add image timestamp\n", params->cmdname); goto err_add_timestamp; diff --git a/tools/mkimage.c b/tools/mkimage.c index 3760392..e2b82d0 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -240,12 +240,14 @@ main (int argc, char **argv) case 'f': if (--argc <= 0) usage (); + params.datafile = *++argv; + /* no break */ + case 'F': /* * The flattened image tree (FIT) format * requires a flattened device tree image type */ params.type = IH_TYPE_FLATDT; - params.datafile = *++argv; params.fflag = 1; goto NXTARG; case 'k': 
@@ -633,14 +635,15 @@ usage () " -d ==> use image data from 'datafile'\n" " -x ==> set XIP (execute in place)\n", params.cmdname); - fprintf(stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n", + fprintf(stderr, " %s [-D dtc_options] [-f fit-image.its|-F] fit-image\n", params.cmdname); fprintf(stderr, " -D => set options for device tree compiler\n" " -f => input filename for FIT source\n"); #ifdef CONFIG_FIT_SIGNATURE fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n" " -k => set directory containing private keys\n" - " -K => write public keys to this .dtb file\n"); + " -K => write public keys to this .dtb file\n" + " -F => re-sign existing FIT image\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); #endif
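Review bot: in the new `-F` branch of fit_handle_file (first tools/fit_image.c hunk), the copy is built with `snprintf(cmd, sizeof(cmd), "cp %s %s", params->imagefile, tmpfile)` and run through `system()`, but the check that follows is still `if (system (cmd) == -1)`, which only catches a failure to spawn the shell; a `cp` that exits non-zero (missing or unreadable image file) passes the check and the error only surfaces later when tmpfile is opened. Suggest treating any non-zero return (or a non-zero WEXITSTATUS) as a failure so a bad copy is reported together with the command that failed. The same branch also interpolates params->imagefile unquoted into a shell command line, so a path containing spaces or shell metacharacters is split or interpreted by the shell; the pre-existing dtc invocation has the same shape, but since this hunk introduces a second shell command it is worth either quoting the arguments or doing the copy in C rather than via `cp`.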
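Review bot: the second tools/fit_image.c hunk makes a `-F` run keep the root timestamp of the original image (`params->datafile && fit_set_timestamp(...)`), which is a sensible choice, but neither the man page text nor the commit message says so. A sentence under the new `-F` entry in doc/mkimage.1 stating that the existing timestamp is preserved on re-sign would stop a user from expecting the re-signed FIT to carry the signing time.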
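Review bot: the doc/mkimage.1 hunk says that with `-F` "the -f flag should not be given", but the option parsing in the tools/mkimage.c hunk does not enforce it: `case 'f'` sets params.datafile and falls through into `case 'F'`, and fit_handle_file decides solely on whether params->datafile is NULL, so both `-F -f foo.its` and `-f foo.its -F` silently behave as a plain `-f` build. Suggest rejecting the combination in main() with usage(), so an invocation intended as a re-sign cannot quietly recompile the source and overwrite the image instead. The `/* no break */` comment on the fall-through is good; keep it.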
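Review bot: in the usage() hunk the synopsis line `[-f fit-image.its|-F] fit-image` is printed unconditionally, while the one-line explanation of `-F` is added inside `#ifdef CONFIG_FIT_SIGNATURE`, so a build without CONFIG_FIT_SIGNATURE advertises `-F` in the synopsis with no description. Since the option itself is parsed regardless of that config (the `case 'F'` hunk is not under an ifdef), consider adding a `-F => modify existing FIT image` line next to `-f` in the unconditional block and keeping the "re-sign existing FIT image" wording in the signing section.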