[PATCH v2 0/7] rockchip: make it possible to sign the u-boot.itb

Heiko Stuebner heiko at sntech.de
Tue Apr 21 02:23:26 CEST 2020


From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>

This series fixes some issues I found with SPL_FIT_SIGNATURE enabled
and then makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.

To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.

Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.


If the later parts are in doubt, maybe the first patches fixing
obvious errors could land first separately.


changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT

Heiko Stuebner (7):
  spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE
  spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE
  lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY
  mkimage: fit_image: handle multiple errors when writing signatures
  spl: fit: enable signing a generated u-boot.itb
  spl: fit: add Kconfig option to specify key-hint for fit_generator
  rockchip: make_fit_atf: add signature handling

 Kconfig                                | 18 +++++++++
 Makefile                               | 11 +++++-
 arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++-
 doc/uImage.FIT/howto.txt               | 13 +++++++
 lib/rsa/Makefile                       |  2 +-
 tools/image-host.c                     |  2 +-
 6 files changed, 93 insertions(+), 4 deletions(-)

-- 
2.25.1



More information about the U-Boot mailing list