[PATCH 0/3] mkimage: allow to specify signing algorithm
Jan Kiszka
jan.kiszka at siemens.com
Thu Nov 25 20:03:01 CET 2021
Another step to decouple the FIT image specification from the actual
signing: With these changes, the signature nodes can leave out an algo
property, mkimage will initialize that as well while signing. This way,
in-tree FIT source files can be prepared for gaining signatures without
defining the key type or size upfront, forcing users to patch the code
to change that.
Patch 1 is preparatory for this, patch 2 a drive-by cleanup.
A better solution would actually be if the algorithm was derived from
the provided key. But the underlying crypto layer seems to be rather
unprepared for that.
Jan
Jan Kiszka (3):
image-fit: Make string of algo parameter constant
mkimage: Drop unused OPT_STRING constant
mkimage: Allow to specify the signature algorithm on the command line
boot/image-fit-sig.c | 2 +-
boot/image-fit.c | 8 +++----
doc/mkimage.1 | 5 +++++
include/image.h | 5 +++--
tools/fit_image.c | 3 ++-
tools/image-host.c | 50 +++++++++++++++++++++++++-------------------
tools/imagetool.h | 1 +
tools/mkimage.c | 6 ++++--
8 files changed, 49 insertions(+), 31 deletions(-)
--
2.31.1
More information about the U-Boot
mailing list