[PATCH v3 2/2] mkimage: Support signing 'auto' FITs
Tom Rini
trini at konsulko.com
Tue Jun 7 18:46:59 CEST 2022
On Mon, May 16, 2022 at 04:11:08PM -0400, Sean Anderson wrote:
> This adds support for signing images in auto-generated FITs. To do this,
> we need to add a signature node. The algorithm name property already has
> its own option, but we need one for the key name hint. We could have
> gone the -G route and added an explicit name for the public key (like
> what is done for the private key). However, many places assume the
> public key can be constructed from the key dir and hint, and I don't
> want to do the refactoring necessary.
>
> As a consequence of this, it is now easier to add public keys to an
> existing image without signing something. This could be done all along,
> but now you don't have to create an its just to do it. Ideally, we
> wouldn't create a FIT at the end. This could be done by calling
> fit_image_setup_sig/info.crypto->add_verify_data directly.
>
> Signed-off-by: Sean Anderson <sean.anderson at seco.com>
Applied to u-boot/next, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220607/2fe31824/attachment.sig>
More information about the U-Boot
mailing list