[PATCH 1/1] binman: add sign option for binman

Ivan Mikhaylov fr0st61te at gmail.com
Thu Jan 27 14:00:37 CET 2022


On Tue, 2021-12-28 at 01:34 -0700, Simon Glass wrote:
> Hi Ivan,
> 
> On Fri, 24 Dec 2021 at 11:23, Ivan Mikhaylov <fr0st61te at gmail.com>
> wrote:
> > 
> > Introduce prototype for binman's new option which provides sign
> > and replace sections in binary images.
> > 
> > Usage as example:
> > 
> > from:
> > mkimage -G privateky -r -o sha256,rsa4096 -F fit at 0x280000.fit
> > binman replace -i flash.bin -f fit at 0x280000.fit fit at 0x280000
> > 
> > to:
> > binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f
> > fit at 0x280000.fit fit at 0x280000
> > 
> > Signed-off-by: Ivan Mikhaylov <ivan.mikhaylov at siemens.com>
> > ---
> >  tools/binman/cmdline.py | 13 +++++++++++++
> >  tools/binman/control.py | 27 ++++++++++++++++++++++++++-
> >  2 files changed, 39 insertions(+), 1 deletion(-)
> 
> This looks good. Just need a test and docs update (also check 'binman
> test -T' for 100% code coverage).

Simon, I've tried to figure out with test and stumble a little bit with
verification step. How to verify that mkimage sign fit image with
existing key, is there any option or any toolkits? I didn't find any
suitable option in mkimage either, is it good idea to add key
verification inside mkimage? Other way is to have blobs with predefined
keys inside test directory in binman which I think is not so good.

Thanks.


More information about the U-Boot mailing list