diff mbox series

[6/7] spl: fit: add Kconfig option to specify key-hint for fit_generator

Message ID 20200417220716.3670302-7-heiko@sntech.de
State Superseded
Delegated to: Kever Yang
Headers show
Series rockchip: make it possible to sign the u-boot.itb | expand

Commit Message

Heiko Stuebner April 17, 2020, 10:07 p.m. UTC 
From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>

The u-boot.itb can be generated either from a static .its that can
simply include the needed signature nodes with key-hints or from a
fit-generator script referenced in CONFIG_SPL_FIT_GENERATOR.

In the script-case it will need to know what key to include for the
key-hint and specified algorithm, so add an option for that key-name.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
---
 Kconfig | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Philipp Tomsich April 17, 2020, 10:26 p.m. UTC | #1 
> On 18.04.2020, at 00:07, Heiko Stuebner <heiko@sntech.de> wrote:
> 
> From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
> 
> The u-boot.itb can be generated either from a static .its that can
> simply include the needed signature nodes with key-hints or from a
> fit-generator script referenced in CONFIG_SPL_FIT_GENERATOR.
> 
> In the script-case it will need to know what key to include for the
> key-hint and specified algorithm, so add an option for that key-name.
> 
> Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>

Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Heinrich Schuchardt April 18, 2020, 1:14 a.m. UTC | #2 
On 4/18/20 12:07 AM, Heiko Stuebner wrote:
> From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
>
> The u-boot.itb can be generated either from a static .its that can
> simply include the needed signature nodes with key-hints or from a
> fit-generator script referenced in CONFIG_SPL_FIT_GENERATOR.
>
> In the script-case it will need to know what key to include for the
> key-hint and specified algorithm, so add an option for that key-name.

I am missing a file in doc/ describing how this is used.

Best regards

Heinrich

>
> Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
> ---
>  Kconfig | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/Kconfig b/Kconfig
> index 15a783a67d..703762d740 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -534,6 +534,14 @@ config SPL_FIT_GENERATOR
>  	  passed a list of supported device tree file stub names to
>  	  include in the generated image.
>
> +config SPL_FIT_GENERATOR_KEY_HINT
> +	string "key hint for signing U-Boot FIT image"
> +	depends on SPL_FIT_SIGNATURE
> +	default "dev"
> +	help
> +	  The key hint to store in both the generated .its file as well as
> +	  u-boot-key.dtb generated separately and embedded into the SPL.
> +
>  endif # SPL
>
>  endif # FIT
>
diff mbox series

Patch

diff --git a/Kconfig b/Kconfig
index 15a783a67d..703762d740 100644
--- a/Kconfig
+++ b/Kconfig
@@ -534,6 +534,14 @@  config SPL_FIT_GENERATOR
 	  passed a list of supported device tree file stub names to
 	  include in the generated image.
 
+config SPL_FIT_GENERATOR_KEY_HINT
+	string "key hint for signing U-Boot FIT image"
+	depends on SPL_FIT_SIGNATURE
+	default "dev"
+	help
+	  The key hint to store in both the generated .its file as well as
+	  u-boot-key.dtb generated separately and embedded into the SPL.
+
 endif # SPL
 
 endif # FIT