[PATCH 0/3] mkimage: allow to specify signing algorithm

Jan Kiszka jan.kiszka at siemens.com
Thu Nov 25 20:03:01 CET 2021

Another step to decouple the FIT image specification from the actual
signing: With these changes, the signature nodes can leave out an algo
property, mkimage will initialize that as well while signing. This way,
in-tree FIT source files can be prepared for gaining signatures without
defining the key type or size upfront, forcing users to patch the code
to change that.

Patch 1 is preparatory for this, patch 2 a drive-by cleanup.

A better solution would actually be if the algorithm was derived from
the provided key. But the underlying crypto layer seems to be rather
unprepared for that.


Jan Kiszka (3):
  image-fit: Make string of algo parameter constant
  mkimage: Drop unused OPT_STRING constant
  mkimage: Allow to specify the signature algorithm on the command line

 boot/image-fit-sig.c |  2 +-
 boot/image-fit.c     |  8 +++----
 doc/mkimage.1        |  5 +++++
 include/image.h      |  5 +++--
 tools/fit_image.c    |  3 ++-
 tools/image-host.c   | 50 +++++++++++++++++++++++++-------------------
 tools/imagetool.h    |  1 +
 tools/mkimage.c      |  6 ++++--
 8 files changed, 49 insertions(+), 31 deletions(-)


More information about the U-Boot mailing list