[PATCH 0/4] mkimage: Add a 'keyfile' argument for image signing

Alexandru Gagniuc mr.nuke.me at gmail.com
Thu Feb 4 20:57:01 CET 2021


This series is a continuation of the following series
 *    [PATCH v5 0/6] Add support for ECDSA image signing (with test)

There were some requests in the previous series to be more consistent
between RSA and ECDSA paths, particularly in the area of handling the
'keydir' argument.

This series adds a 'keyfile' argument to be used in lieu of the
antiquated 'keydir'. Using 'keyfile' allows signing images that do not
contain a "key-name-hint" property.

Other issues, such as automatically adding the 'signature' node were
discussed. Such features are beyond the scope of this series. I am
going to halt any further work on mkimage because of time constraints.
I hope the corrections in this series are sufficient to finally allow 
users to sign their images with ECDSA.


Alexandru Gagniuc (4):
  doc: signature.txt: Document the keydir and keyfile arguments
  mkimage: Add a 'keyfile' argument for image signing
  lib/rsa: Use the 'keyfile' argument from mkimage
  lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate

 doc/uImage.FIT/signature.txt | 13 +++++++++
 include/image.h              |  8 ++++--
 lib/ecdsa/ecdsa-libcrypto.c  | 10 ++++++-
 lib/rsa/rsa-sign.c           | 34 +++++++++++++++++------
 tools/fit_image.c            |  3 +-
 tools/image-host.c           | 54 ++++++++++++++++++++----------------
 tools/imagetool.h            |  1 +
 tools/mkimage.c              |  6 +++-
 8 files changed, 91 insertions(+), 38 deletions(-)

-- 
2.26.2



More information about the U-Boot mailing list