[4/4] lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate

Message ID 20210204195705.2057081-5-mr.nuke.me@gmail.com
State Superseded
Delegated to: Tom Rini
Series mkimage: Add a 'keyfile' argument for image signing

Commit Message

Alexandru Gagniuc Feb. 4, 2021, 7:57 p.m. UTC
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 lib/ecdsa/ecdsa-libcrypto.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

Comments

Simon Glass Feb. 7, 2021, 2:37 p.m. UTC | #1
On Thu, 4 Feb 2021 at 12:57, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>
> Keys can be derived from keydir, and the "key-name-hint" property of
> the FIT. They can also be specified ad-literam via 'keyfile'. Update
> the ECDSA signing path to use the appropriate one.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> ---
>  lib/ecdsa/ecdsa-libcrypto.c | 14 +++++++++++++-
>  1 file changed, 13 insertions(+), 1 deletion(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

Patch

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 322880963f..1757a14562 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -140,8 +140,20 @@  static int read_key(struct signer *ctx, const char *key_name)
 /* Prepare a 'signer' context that's ready to sign and verify. */
 static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
 {
-	const char *kname = info->keydir;
 	int key_len_bytes, ret;
+	char kname[1024];
+
+	memset(ctx, 0, sizeof(*ctx));
+
+	if (info->keyfile) {
+		snprintf(kname,  sizeof(kname), "%s", info->keyfile);
+	} else if (info->keydir && info->keyname) {
+		snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+			 info->keyname);
+	} else {
+		fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
+		return -EINVAL;
+	}
 
 	ret = alloc_ctx(ctx, info);
 	if (ret)
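
Review bot: the two snprintf() calls that fill kname in prepare_ctx() ignore the return value, so a keyfile or keydir/keyname path that does not fit in the 1024-byte buffer is silently truncated and whatever uses kname afterwards sees a different path than the one requested. Compare the result against sizeof(kname) and return an error (for example -EINVAL, as the else branch already does) when it is greater than or equal to the buffer size. In the keyfile branch the copy could be avoided by keeping kname a const char * and pointing it at info->keyfile. The error message names "keyfile, keyname, or key-name-hint" while the condition also requires info->keydir, so a missing keydir is reported misleadingly; mention keydir in the message. Style nit: there is a double space after the comma in `snprintf(kname,  sizeof(kname), "%s", info->keyfile);`.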