[PATCH v4 6/6] rockchip: make_fit_atf: add signature handling

[Heiko Stübner]

Hi Tom,

Am Dienstag, 30. Juni 2020, 14:36:40 CEST schrieb Tom Rini:
> On Fri, Jun 19, 2020 at 12:45:50PM +0200, Heiko Stuebner wrote:
> 
> > From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> > 
> > If the newly added fit-generator key-options are found, append needed
> > signature nodes to all generated image blocks, so that they can get
> > signed when mkimage later compiles the .itb from the generated .its.
> > 
> > Signed-off-by: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> 
> First, I want to echo what Simon said.  We need to move towards having
> less ad-hoc scripts for these kind of final modifiers.

looking at Simon's binman series is on my todo list, so yes I do agree
with you :-) .

> > ---
> >  arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++-
> >  1 file changed, 56 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py
> > index d15c32b303..de7dc19d11 100755
> > --- a/arch/arm/mach-rockchip/make_fit_atf.py
> > +++ b/arch/arm/mach-rockchip/make_fit_atf.py
> > @@ -14,6 +14,14 @@ import sys
> >  import getopt
> >  import logging
> >  import struct
> > +try:
> > +	# in python3 Cryptodome succeeds Crypto
> > +	import Cryptodome
> > +	from Cryptodome.PublicKey import RSA
> > +except:
> > +	import Crypto
> > +	from Crypto.PublicKey import RSA
> 
> Is it that older python3 would support "Cryto" not "Cryptodome"  or
> python2?  If the latter, we should just drop it.  We do however need to
> document, and should try and be user friendly about catching the
> failure, that we now need the pycrypto module installed.  Thanks!

python3 only seems to have Cryptodome, while python2 only seems to
have Crypto. And with for example Debian's default python is still being
python2 for a bit longer, I wanted to support both, especially as it it
works like a drop-in replacement.

Heiko