| Message ID | 20220321214319.33254-1-fr0st61te@gmail.com |
|---|---|
| Headers | show |
| Series | Introduce new sign binman's option | expand |
Hi Ivan, On Mon, 21 Mar 2022 at 12:43, Ivan Mikhaylov <fr0st61te@gmail.com> wrote: > > From: Ivan Mikhaylov <ivan.mikhaylov@siemens.com> > > This patch introduces prototype of new sign binman's option. > Enhancing the sign procedure, as example: > > mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit > binman replace -i flash.bin -f fit.fit fit > > into: > binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit > > It works with extracted FIT container and image, which provides key signing > and replacing FIT container in directed image. > > Also, I'll add additional enhancement in future to this procedure with > skipping on FIT container and providing extract->sign->replace in whole > instead of sign->replace with documentation update and test as well. > > As example: > > binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit > > > Ivan Mikhaylov (3): > binman: add sign option for binman > binman: add documentation for binman sign option > binman: add test for sign option > > tools/binman/binman.rst | 10 +++++ > tools/binman/cmdline.py | 13 ++++++ > tools/binman/control.py | 26 +++++++++++- > tools/binman/ftest.py | 42 +++++++++++++++++++ > tools/binman/test/225_fit_sign.dts | 67 ++++++++++++++++++++++++++++++ > 5 files changed, 157 insertions(+), 1 deletion(-) > create mode 100644 tools/binman/test/225_fit_sign.dts I see Alper's comments. Are you going to send a new version sometime? Regards, Simon
On Sat, 2022-08-13 at 08:59 -0600, Simon Glass wrote: > Hi Ivan, > > On Mon, 21 Mar 2022 at 12:43, Ivan Mikhaylov <fr0st61te@gmail.com> > wrote: > > > > From: Ivan Mikhaylov <ivan.mikhaylov@siemens.com> > > > > This patch introduces prototype of new sign binman's option. > > Enhancing the sign procedure, as example: > > > > mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit > > binman replace -i flash.bin -f fit.fit fit > > > > into: > > binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit > > fit > > > > It works with extracted FIT container and image, which provides key > > signing > > and replacing FIT container in directed image. > > > > Also, I'll add additional enhancement in future to this procedure > > with > > skipping on FIT container and providing extract->sign->replace in > > whole > > instead of sign->replace with documentation update and test as > > well. > > > > As example: > > > > binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit > > > > > > Ivan Mikhaylov (3): > > binman: add sign option for binman > > binman: add documentation for binman sign option > > binman: add test for sign option > > > > tools/binman/binman.rst | 10 +++++ > > tools/binman/cmdline.py | 13 ++++++ > > tools/binman/control.py | 26 +++++++++++- > > tools/binman/ftest.py | 42 +++++++++++++++++++ > > tools/binman/test/225_fit_sign.dts | 67 > > ++++++++++++++++++++++++++++++ > > 5 files changed, 157 insertions(+), 1 deletion(-) > > create mode 100644 tools/binman/test/225_fit_sign.dts > > I see Alper's comments. Are you going to send a new version sometime? > > Regards, > Simon Simon, totally forgot about this one, sorry for long delay. Yes, I'll back to it at the end of this month/start of september. Thanks.
From: Ivan Mikhaylov <ivan.mikhaylov@siemens.com> This patch introduces prototype of new sign binman's option. Enhancing the sign procedure, as example: mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit binman replace -i flash.bin -f fit.fit fit into: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit It works with extracted FIT container and image, which provides key signing and replacing FIT container in directed image. Also, I'll add additional enhancement in future to this procedure with skipping on FIT container and providing extract->sign->replace in whole instead of sign->replace with documentation update and test as well. As example: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit Ivan Mikhaylov (3): binman: add sign option for binman binman: add documentation for binman sign option binman: add test for sign option tools/binman/binman.rst | 10 +++++ tools/binman/cmdline.py | 13 ++++++ tools/binman/control.py | 26 +++++++++++- tools/binman/ftest.py | 42 +++++++++++++++++++ tools/binman/test/225_fit_sign.dts | 67 ++++++++++++++++++++++++++++++ 5 files changed, 157 insertions(+), 1 deletion(-) create mode 100644 tools/binman/test/225_fit_sign.dts