[PATCH 0/1] Introduce new sign binman's option

Ivan Mikhaylov fr0st61te at gmail.com
Fri Dec 24 22:23:33 CET 2021

From: Ivan Mikhaylov <ivan.mikhaylov at siemens.com>

This patch introduces prototype of new sign binman's option. It doesn't looks
good for now but it shows how sign process can be done. Just enhancing
sign procedure, as example from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit at 0x280000.fit
binman replace -i flash.bin -f fit at 0x280000.fit fit at 0x280000

binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit at 0x280000.fit fit at 0x280000

1. Is it needed at all? I think, it improves the way of signing, maybe
there is some other opinions on this spot?
2. I hope, that `mkimage sign` can be replaced with python code instead
of tools.Run.
3. And what things/cases should be covered in case of approval of such
option? Tests?
4. Also this option may cover cases like for TI's K3 architectures, it
may replace things like tools/k3_gen_x509_cert.sh with binman sign

Also this patch refers on 
https://lists.denx.de/pipermail/u-boot/2021-November/468282.html with
algo option for mkimage.

Ivan Mikhaylov (1):
  binman: add sign option for binman

 tools/binman/cmdline.py | 13 +++++++++++++
 tools/binman/control.py | 27 ++++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)


More information about the U-Boot mailing list