From patchwork Thu Jun 13 22:10:06 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@chromium.org>
X-Patchwork-Id: 251191
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id B17612C00A1
	for <incoming@patchwork.ozlabs.org>;
	Fri, 14 Jun 2013 08:15:45 +1000 (EST)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 8B4024A21A;
	Fri, 14 Jun 2013 00:15:11 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at theia.denx.de
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9Ygdp1bYMk9s; Fri, 14 Jun 2013 00:15:11 +0200 (CEST)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id DABBB4A1CE;
	Fri, 14 Jun 2013 00:13:28 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id BCCB54A142
	for <u-boot@lists.denx.de>; Fri, 14 Jun 2013 00:12:01 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at theia.denx.de
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bMsofETP0fg4 for <u-boot@lists.denx.de>;
	Fri, 14 Jun 2013 00:11:56 +0200 (CEST)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	BL_NJABL=ERR(-1.5) (only DNSBL check requested)
Received: from mail-gh0-f201.google.com (mail-gh0-f201.google.com
	[209.85.160.201])
	by theia.denx.de (Postfix) with ESMTPS id E50EA4A126
	for <u-boot@lists.denx.de>; Fri, 14 Jun 2013 00:10:56 +0200 (CEST)
Received: by mail-gh0-f201.google.com with SMTP id r14so647358ghr.2
	for <u-boot@lists.denx.de>; Thu, 13 Jun 2013 15:10:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references
	:x-gm-message-state;
	bh=mj3aP5aWbYNQ5zXbEpH6SL24WH+Q2wvxeudkHrCFVeM=;
	b=KRa7auz9BwBUo9VE94f9d79u214H+67r1qdBoSuK+JA8vFM4Yn6gujk3cb5lrIi5CU
	wCVcFTzhbQuiBcfuT38hvsSLZAM5jQ8bzWvymla47ZS5K0v2OyS3oPRJTmqFWn6UvhHF
	9R3zNACFStiCHh+HhssKhKG1+k6F/t92Wm5VEl9P/Wirk2TVCvLpYf6VCFjyT7GcBKq+
	u++/iFzChBrM330R/ii6inO3GfBdkgUmqL4YxXPyLrD3j/mcs7CI8fnzIOAnoAy2jDy0
	qZitk3noAoi9Qls+RUdnKXhPITaayp9eYXcT8PYA0UV1lqiI3ZLzv0IKSVNC0FPd6KyR
	ZfTA==
X-Received: by 10.236.192.131 with SMTP id i3mr1330994yhn.29.1371161434257;
	Thu, 13 Jun 2013 15:10:34 -0700 (PDT)
Received: from corp2gmr1-1.hot.corp.google.com
	(corp2gmr1-1.hot.corp.google.com [172.24.189.92])
	by gmr-mx.google.com with ESMTPS id
	o42si1463703yhe.5.2013.06.13.15.10.34 for <multiple recipients>
	(version=TLSv1.1 cipher=AES128-SHA bits=128/128);
	Thu, 13 Jun 2013 15:10:34 -0700 (PDT)
Received: from kaka.mtv.corp.google.com (kaka.mtv.corp.google.com
	[172.22.83.1])
	by corp2gmr1-1.hot.corp.google.com (Postfix) with ESMTP id
	ECCD831C034; Thu, 13 Jun 2013 15:10:33 -0700 (PDT)
Received: by kaka.mtv.corp.google.com (Postfix, from userid 121222)
	id AE3EF1607E4; Thu, 13 Jun 2013 15:10:33 -0700 (PDT)
From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Date: Thu, 13 Jun 2013 15:10:06 -0700
Message-Id: <1371161411-2834-8-git-send-email-sjg@chromium.org>
X-Mailer: git-send-email 1.8.3
In-Reply-To: <1371161411-2834-1-git-send-email-sjg@chromium.org>
References: <1371161411-2834-1-git-send-email-sjg@chromium.org>
X-Gm-Message-State: 
 ALoCoQl+FapJu2ZZsjPkDG6BZUCx5BPm/qNg7xdNeCsORbxHASD4dRnPYspngek+dwoQCP36knbyQe98igOuRxybJsq8W11KxaQ6qTWE4uNsoyLlnBXepQ3P8tuv6axsPIbduNV0PB9DBOpQeeUJuK5+ZsM8+mOgfJmeazOyqiorYH2+nyL1NWdg3I4fKoHI0fscRZKCsh1j
Cc: Joel A Fernandes <joelagnel@ti.com>, Will Drewry <wad@chromium.org>,
	Joe Hershberger <joe.hershberger@ni.com>, u-boot-review@google.com,
	Bill Richardson <wfrichar@chromium.org>,
	Randall Spangler <rspangler@chromium.org>,
	Tom Rini <trini@ti.com>, Vadim Bendebury <vbendeb@chromium.org>,
	=?UTF-8?q?Andreas=20B=C3=A4ck?= <andreas.back778@gmail.com>,
	Kees Cook <keescook@chromium.org>
Subject: [U-Boot] [PATCH v3 07/12] mkimage: Add -c option to specify a
	comment for key signing
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Sender: u-boot-bounces@lists.denx.de
Errors-To: u-boot-bounces@lists.denx.de

When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
---
Changes in v3: None
Changes in v2:
- Adjust mkimage help to separate out signing options
- Rebase on previous patches

 doc/mkimage.1     | 6 ++++++
 tools/fit_image.c | 4 ++--
 tools/mkimage.c   | 8 +++++++-
 tools/mkimage.h   | 1 +
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index f9c733a..b67a351 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -97,6 +97,12 @@ Set XIP (execute in place) flag.
 .B Create FIT image:
 
 .TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
+.TP
 .BI "\-D [" "dtc options" "]"
 Provide special options to the device tree compiler that is used to
 create the image.
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 645e93c..d48f571 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
 
 	/* set hashes for images in the blob */
 	if (fit_add_verification_data(params->keydir, dest_blob, ptr,
-				      NULL, 0)) {
+				      params->comment, 0)) {
 		fprintf (stderr, "%s Can't add hashes to FIT blob",
-				params->cmdname);
+			 params->cmdname);
 		goto err_add_hashes;
 	}
 
diff --git a/tools/mkimage.c b/tools/mkimage.c
index e2b82d0..b3b45a4 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -183,6 +183,11 @@ main (int argc, char **argv)
 					genimg_get_arch_id (*++argv)) < 0)
 					usage ();
 				goto NXTARG;
+			case 'c':
+				if (--argc <= 0)
+					usage();
+				params.comment = *++argv;
+				goto NXTARG;
 			case 'C':
 				if ((--argc <= 0) ||
 					(params.comp =
@@ -640,9 +645,10 @@ usage ()
 	fprintf(stderr, "          -D => set options for device tree compiler\n"
 			"          -f => input filename for FIT source\n");
 #ifdef CONFIG_FIT_SIGNATURE
-	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n"
 			"          -k => set directory containing private keys\n"
 			"          -K => write public keys to this .dtb file\n"
+			"          -c => add comment in signature node\n"
 			"          -F => re-sign existing FIT image\n");
 #else
 	fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 63b9b4f..ab8baf8 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -89,6 +89,7 @@ struct mkimage_params {
 	char *cmdname;
 	const char *keydir;	/* Directory holding private keys */
 	const char *keydest;	/* Destination .dtb for public key */
+	const char *comment;	/* Comment to add to signature node */
 };
 
 /*