[PATCH v2 2/3] tools: binman: Add a property to pass a key directory to mkimage
Simon Glass
sjg at chromium.org
Tue Aug 6 23:51:27 CEST 2024
Hi Paul,
On Mon, 5 Aug 2024 at 07:35, Paul HENRYS <paul.henrys_ext at softathome.com> wrote:
>
> The property 'fit,keys-directory' can be added to the configuration file
> passed to binman to specify a directory where keys are stored and can be
> used by mkimage to sign and cipher data.
Environmental things like directories are best handled by binman
itself, e.g. with the --indir argument.
In this case it seems that you want a specific directory, rather than
finding the keys in one of many possible directories. So I suggest
adding a new entryarg for the FIT which lets you specify this key dir.
>
> Signed-off-by: Paul HENRYS <paul.henrys_ext at softathome.com>
> ---
> tools/binman/btool/mkimage.py | 5 ++++-
> tools/binman/entries.rst | 3 +++
> tools/binman/etype/fit.py | 6 ++++++
> 3 files changed, 13 insertions(+), 1 deletion(-)
BTW when you change the fit docs you need to use 'binman entry-docs'
to regenerate the entries.rts file, in the same patch.
>
> diff --git a/tools/binman/btool/mkimage.py b/tools/binman/btool/mkimage.py
> index 39a4c8c1432..dbcf8daac30 100644
> --- a/tools/binman/btool/mkimage.py
> +++ b/tools/binman/btool/mkimage.py
> @@ -22,7 +22,7 @@ class Bintoolmkimage(bintool.Bintool):
>
> # pylint: disable=R0913
> def run(self, reset_timestamp=False, output_fname=None, external=False,
> - pad=None, align=None):
> + pad=None, align=None, keys_dir=None):
> """Run mkimage
>
> Args:
> @@ -34,6 +34,7 @@ class Bintoolmkimage(bintool.Bintool):
> other things to be easily added later, if required, such as
> signatures
> align: Bytes to use for alignment of the FIT and its external data
> + keys_dir: directory where keys are stored
> version: True to get the mkimage version
> """
> args = []
> @@ -45,6 +46,8 @@ class Bintoolmkimage(bintool.Bintool):
> args += ['-B', f'{align:x}']
> if reset_timestamp:
> args.append('-t')
> + if keys_dir:
> + args += ['-k', keys_dir]
> if output_fname:
> args += ['-F', output_fname]
> return self.run_cmd(*args)
> diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
> index 12482703782..eb33eb9eedf 100644
> --- a/tools/binman/entries.rst
> +++ b/tools/binman/entries.rst
> @@ -864,6 +864,9 @@ The top-level 'fit' node supports the following special properties:
>
> fit,fdt-list-dir = "arch/arm/dts
>
> + fit,keys-directory
> + Provides a directory where keys can be retrieved.
> +
> Substitutions
> ~~~~~~~~~~~~~
>
> diff --git a/tools/binman/etype/fit.py b/tools/binman/etype/fit.py
> index ee44e5a1cd6..d20906aab3b 100644
> --- a/tools/binman/etype/fit.py
> +++ b/tools/binman/etype/fit.py
> @@ -96,6 +96,9 @@ class Entry_fit(Entry_section):
>
> fit,fdt-list-dir = "arch/arm/dts
>
> + fit,keys-directory
> + Provides a directory where keys can be retrieved.
> +
> Substitutions
> ~~~~~~~~~~~~~
>
> @@ -518,6 +521,9 @@ class Entry_fit(Entry_section):
> align = self._fit_props.get('fit,align')
> if align is not None:
> args.update({'align': fdt_util.fdt32_to_cpu(align.value)})
> + keys_dir = self._fit_props.get('fit,keys-directory')
> + if keys_dir is not None:
> + args.update({'keys_dir': keys_dir.value})
> if self.mkimage.run(reset_timestamp=True, output_fname=output_fname,
> **args) is None:
> if not self.GetAllowMissing():
> --
> 2.25.1
>
> -- This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome’s ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
Regards,
Simon
More information about the U-Boot
mailing list