[PATCH 2/4] mkimage: Add a 'keyfile' argument for image signing
Simon Glass
sjg at chromium.org
Sun Feb 7 15:37:28 CET 2021
Hi Alexandru,
On Thu, 4 Feb 2021 at 12:57, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>
> It's not always desirable to use 'keydir' and some ad-hoc heuristics
> to get the filename of the signing key. More often, just passing the
> filename is the simpler, easier, and logical thing to do.
>
> Since mkimage doesn't use long options, we're slowly running out of
> letters. I've chosen '-G' because it was available.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> ---
> include/image.h | 8 ++++---
> tools/fit_image.c | 3 ++-
> tools/image-host.c | 58 +++++++++++++++++++++++++---------------------
> tools/imagetool.h | 1 +
> tools/mkimage.c | 6 ++++-
> 5 files changed, 45 insertions(+), 31 deletions(-)
>
Reviewed-by: Simon Glass <sjg at chromium.org>
See below.
> diff --git a/include/image.h b/include/image.h
> index 2447321023..9bc8b8d179 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1128,9 +1128,10 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
> * 0, on success
> * libfdt error code, on failure
> */
> -int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
> - const char *comment, int require_keys,
> - const char *engine_id, const char *cmdname);
> +int fit_add_verification_data(const char *keydir, const char *keyfile,
> + void *keydest, void *fit, const char *comment,
> + int require_keys, const char *engine_id,
> + const char *cmdname);
>
> int fit_image_verify_with_data(const void *fit, int image_noffset,
> const void *data, size_t size);
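Review bot: the doc comment above fit_add_verification_data() is left unchanged in this hunk (only its return-value lines appear as context), so the new keyfile argument has no parameter description. Please add an entry for keyfile next to the one for keydir, saying whether it may be NULL and what happens when both keydir and keyfile are passed.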
> @@ -1236,6 +1237,7 @@ void image_set_host_blob(void *host_blob);
> struct image_sign_info {
> const char *keydir; /* Directory conaining keys */
> const char *keyname; /* Name of key to use */
> + const char *keyfile; /* Filename of private or public key */
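Review bot: the comment on the added keyfile member of struct image_sign_info does not say how keyfile relates to keyname, the member directly above it. Please state whether keyname is still required when keyfile is set, and which callers expect a private key and which a public one, since "private or public key" leaves that open.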
Please also document the semantics of this...can it be NULL? I think
you intend that either keydir or keyfile is used but not both, right?
Regards,
Simon