[PATCH v2 0/5] Introduce new sign binman's option
Ivan Mikhaylov
fr0st61te at gmail.com
Wed Mar 8 02:13:37 CET 2023
This patch introduces prototype of new sign binman's option.
Enhancing the sign procedure, as example:
mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit
binman replace -i flash.bin -f fit.fit fit
into:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
It works with extracted FIT container and image, which provides key signing
of FIT container and replacing of it in directed image.
Also it is possible to sign exact FIT container in place.
As example:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit
Add fdt_add_pubkey utility which provides possibility of add pub keys
into DTB. This one needed mostly for test coverage of binman sign option
but could be useful when private and pub keys are separated.
Depends on "binman: Support updating section contents".
Ivan Mikhaylov (3):
binman: add documentation for binman sign option
binman: add sign option for binman
binman: add tests for sign option
Roman Kopytin (2):
tools: add fdt_add_pubkey
test_vboot.py: include test of fdt_add_pubkey tool
test/py/tests/test_vboot.py | 8 ++
tools/.gitignore | 1 +
tools/Makefile | 3 +
tools/binman/binman.rst | 18 ++++
tools/binman/cmdline.py | 13 +++
tools/binman/control.py | 29 +++++-
tools/binman/etype/fit.py | 18 ++++
tools/binman/etype/section.py | 3 +
tools/binman/ftest.py | 61 +++++++++++++
tools/binman/test/277_fit_sign.dts | 63 +++++++++++++
tools/fdt_add_pubkey.c | 138 +++++++++++++++++++++++++++++
11 files changed, 354 insertions(+), 1 deletion(-)
create mode 100644 tools/binman/test/277_fit_sign.dts
create mode 100644 tools/fdt_add_pubkey.c
--
2.39.1
More information about the U-Boot
mailing list