Eric Lee / smarc-uboot

26 Jun, 2013

5 commits

  • 399c744b2   mkimage: Add -r option to specify keys that must be verified ... Browse Code »

    Normally, multiple public keys can be provided and U-Boot is not
    required to use all of them for verification. This is because some
    images may not be signed, or may be optionally signed.

    But we still need a mechanism to determine when a key must be used.
    This feature cannot be implemented in the FIT itself, since anyone
    could change it to mark a key as optional. The requirement for
    key verification must go in with the public keys, in a place that
    is protected from modification.

    Add a -r option which tells mkimage to mark all keys that it uses
    for signing as 'required'.

    If some keys are optional and some are required, run mkimage several
    times (perhaps with different key directories if some keys are very
    secret) using the -F flag to update an existing FIT.

    Signed-off-by: Simon Glass
    Reviewed-by: Marek Vasut

    Simon Glass
     
  • 4f6104270   mkimage: Add -c option to specify a comment for key signing ... Browse Code »

    When signing an image, it is useful to add some details about which tool
    or person is authorising the signing. Add a comment field which can take
    care of miscellaneous requirements.

    Signed-off-by: Simon Glass
    Reviewed-by: Marek Vasut

    Simon Glass
     
  • 95d77b447   mkimage: Add -F option to modify an existing .fit file ... Browse Code »

    When signing images it is sometimes necessary to sign with different keys
    at different times, or make the signer entirely separate from the FIT
    creation to avoid needing the private keys to be publicly available in
    the system.

    Add a -F option so that key signing can be a separate step, and possibly
    done multiple times as different keys are avaiable.

    Signed-off-by: Simon Glass
    Reviewed-by: Marek Vasut

    Simon Glass
     
  • e29495d37   mkimage: Add -K to write public keys to an FDT blob ... Browse Code »

    FIT image verification requires public keys. Add a convenient option to
    mkimage to write the public keys to an FDT blob when it uses then for
    signing an image. This allows us to use:

    mkimage -f test.its -K dest.dtb -k keys test.fit

    and have the signatures written to test.fit and the corresponding public
    keys written to dest.dtb. Then dest.dtb can be used as the control FDT
    for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
    public keys it needs.

    Signed-off-by: Simon Glass
    Reviewed-by: Marek Vasut

    Simon Glass
     
  • 80e4df8ac   mkimage: Add -k option to specify key directory ... Browse Code »

    Keys required for signing images will be in a specific directory. Add a
    -k option to specify that directory.

    Also update the mkimage man page with this information and a clearer list
    of available commands.

    Signed-off-by: Simon Glass
    Reviewed-by: Marek Vasut (v1)

    Simon Glass
     

24 Dec, 2011

1 commit

22 Dec, 2011

1 commit

19 Jan, 2011

1 commit

  • 3f1266d6d   Escape minus signs in manpage ... Browse Code »

    By default, "-" chars are interpreted as hyphens (U+2010) by groff, not
    as minus signs (U+002D). Since options to programs use minus signs
    (U+002D), this means for example in UTF-8 locales that you cannot cut
    and paste options, nor search for them easily.

    (Reported by lintian.)

    Signed-off-by: Loïc Minier

    Loïc Minier
     

09 Aug, 2010

1 commit

  • cd1535564   Add mkimage manpage ... Browse Code »

    Some Linux distributions include the "mkimage" as a package.
    This commit provides a manual page for mkimage.

    Signed-off-by: Nobuhiro Iwamatsu

    Added documentation for FIT images and examples.
    Moved to doc/ directory.

    Signed-off-by: Wolfgang Denk

    Nobuhiro Iwamatsu