| Message ID | 20200417220716.3670302-1-heiko@sntech.de |
|---|---|
| Headers | show
Return-Path: <u-boot-bounces@lists.denx.de> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=sntech.de Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 493qwb57kpz9sSd for <incoming@patchwork.ozlabs.org>; Sat, 18 Apr 2020 08:08:12 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8AEA481CF4; Sat, 18 Apr 2020 00:07:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sntech.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 5651F81CFF; Sat, 18 Apr 2020 00:07:45 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from gloria.sntech.de (gloria.sntech.de [185.11.138.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6D6F681CEA for <u-boot@lists.denx.de>; Sat, 18 Apr 2020 00:07:38 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sntech.de Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=heiko@sntech.de Received: from p57b77c7a.dip0.t-ipconnect.de ([87.183.124.122] helo=phil.sntech) by gloria.sntech.de with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <heiko@sntech.de>) id 1jPZ95-0006YZ-U9; Sat, 18 Apr 2020 00:07:35 +0200 From: Heiko Stuebner <heiko@sntech.de> To: u-boot@lists.denx.de Cc: sjg@chromium.org, philipp.tomsich@theobroma-systems.com, kever.yang@rock-chips.com, xypron.glpk@gmx.de, takahiro.akashi@linaro.org, philippe.reynes@softathome.com, christoph.muellner@theobroma-systems.com, heiko@sntech.de, miquel.raynal@bootlin.com, Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Subject: [PATCH 0/7] rockchip: make it possible to sign the u-boot.itb Date: Sat, 18 Apr 2020 00:07:09 +0200 Message-Id: <20200417220716.3670302-1-heiko@sntech.de> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean |
| Series |
rockchip: make it possible to sign the u-boot.itb
|
expand
|
From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> This series fixes some issues I found with SPL_FIT_SIGNATURE enabled and then makes it possible to sign a generated u-boot.itb automatically even if the its-source got created by a generator script. To let the SPL know about the key, the -K option for mkimage points to the dts/dt-spl.dtb which can then get included into the spl binary. Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain. Heiko Stuebner (7): spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY mkimage: fit_image: handle multiple errors when writing signatures spl: fit: enable signing a generated u-boot.itb spl: fit: add Kconfig option to specify key-hint for fit_generator rockchip: make_fit_atf: add signature handling Kconfig | 18 +++++++++ Makefile | 11 +++++- arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++- lib/rsa/Makefile | 2 +- tools/image-host.c | 2 +- 5 files changed, 80 insertions(+), 4 deletions(-)