[U-Boot] [PATCH v2 38/45] mkimage: Add -c option to specify a comment for key signing

Tue Mar 19 00:51:58 CET 2013

When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg at chromium.org>
Reviewed-by: Marek Vasut <marex at denx.de>
---
Changes in v2:
- Adjust mkimage help to separate out signing options
- Rebase on previous patches

 doc/mkimage.1     | 6 ++++++
 tools/fit_image.c | 4 ++--
 tools/mkimage.c   | 8 +++++++-
 tools/mkimage.h   | 1 +
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index f9c733a..b67a351 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -97,6 +97,12 @@ Set XIP (execute in place) flag.
 .B Create FIT image:
 
 .TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
+.TP
 .BI "\-D [" "dtc options" "]"
 Provide special options to the device tree compiler that is used to
 create the image.
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 645e93c..d48f571 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
 
 	/* set hashes for images in the blob */
 	if (fit_add_verification_data(params->keydir, dest_blob, ptr,
-				      NULL, 0)) {
+				      params->comment, 0)) {
 		fprintf (stderr, "%s Can't add hashes to FIT blob",
-				params->cmdname);
+			 params->cmdname);
 		goto err_add_hashes;
 	}
 
diff --git a/tools/mkimage.c b/tools/mkimage.c
index e2b82d0..b3b45a4 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -183,6 +183,11 @@ main (int argc, char **argv)
 					genimg_get_arch_id (*++argv)) < 0)
 					usage ();
 				goto NXTARG;
+			case 'c':
+				if (--argc <= 0)
+					usage();
+				params.comment = *++argv;
+				goto NXTARG;
 			case 'C':
 				if ((--argc <= 0) ||
 					(params.comp =
@@ -640,9 +645,10 @@ usage ()
 	fprintf(stderr, "          -D => set options for device tree compiler\n"
 			"          -f => input filename for FIT source\n");
 #ifdef CONFIG_FIT_SIGNATURE
-	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n"
 			"          -k => set directory containing private keys\n"
 			"          -K => write public keys to this .dtb file\n"
+			"          -c => add comment in signature node\n"
 			"          -F => re-sign existing FIT image\n");
 #else
 	fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 41bec21..4391ca8 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -77,6 +77,7 @@ struct mkimage_params {
 	char *cmdname;
 	const char *keydir;	/* Directory holding private keys */
 	const char *keydest;	/* Destination .dtb for public key */
+	const char *comment;	/* Comment to add to signature node */
 };
 
 /*
-- 
1.8.1.3

