[PATCH v4 0/3] binman: Add support for externally encrypted blobs
christian.taedcke-oss at weidmueller.com
christian.taedcke-oss at weidmueller.com
Mon Jul 10 11:25:51 CEST 2023
From: Christian Taedcke <christian.taedcke at weidmueller.com>
This series adds the functionality to handle externally encrypted
blobs to binman. It includes the functionality itself and the
corresponding unit tests.
The following block shows an example on how to use this functionality.
In the device tree that is parsed by binman a new node encrypted is
used:
/ {
binman {
filename = "u-boot.itb";
fit {
...
images {
some-bitstream {
...
image_bitstream: blob-ext {
filename = "bitstream.bin";
};
encrypted {
content = <&image_bitstream>;
algo = "aes256-gcm";
iv-filename = "bitstream.bin.iv";
key-filename = "bitstream.bin.key";
};
...
This results in an generated fit image containing the following
information:
\ {
images {
...
some-bitstream {
...
data = [...]
cipher {
algo = "aes256-gcm";
key = <0x...>;
iv = <0x...>;
};
};
...
Changes in v4:
- fix failing test testEncryptedKeyFile
Changes in v3:
- rebase on u-boot-dm/mkim-working
- remove unnecessary test testEncryptedNoContent
- update doc for functions ObtainContents and ProcessContents
- update entries.rst
- wrap some lines at 80 cols
Changes in v2:
- adapt tests for changed entry implementation
- add entry documentation
- remove global /cipher node
- replace key-name-hint with key-source property
Christian Taedcke (3):
binman: Add support for externally encrypted blobs
binman: Allow cipher node as special section
binman: Add tests for etype encrypted
tools/binman/entries.rst | 88 ++++++++++
tools/binman/etype/encrypted.py | 157 ++++++++++++++++++
tools/binman/etype/section.py | 2 +-
tools/binman/ftest.py | 53 ++++++
tools/binman/test/291_encrypted_no_algo.dts | 19 +++
.../test/292_encrypted_invalid_iv_file.dts | 23 +++
.../binman/test/293_encrypted_missing_key.dts | 28 ++++
.../binman/test/294_encrypted_key_source.dts | 29 ++++
tools/binman/test/295_encrypted_key_file.dts | 29 ++++
9 files changed, 427 insertions(+), 1 deletion(-)
create mode 100644 tools/binman/etype/encrypted.py
create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
create mode 100644 tools/binman/test/294_encrypted_key_source.dts
create mode 100644 tools/binman/test/295_encrypted_key_file.dts
--
2.34.1
More information about the U-Boot
mailing list