[PATCH] mkimage: Allow 'auto-conf' signing of scripts
Tom Rini
trini at konsulko.com
Sat Jul 6 00:39:32 CEST 2024
On Thu, Jun 20, 2024 at 04:20:59PM +0200, Alexander Dahl wrote:
> U-Boot configured for verified boot with the "required" option set to
> "conf" also checks scripts put in FIT images for a valid signature, and
> refuses to source and run such a script if the signature for the
> configuration is bad or missing. Such a script could not be packaged
> before, because mkimage failed like this:
>
> % tools/mkimage -T script -C none -d tmp/my.scr -f auto-conf -k tmp -g dev -o sha256,rsa4096 my.uimg
> Failed to find any images for configuration 'conf-1/signature'
> tools/mkimage Can't add hashes to FIT blob: -1
> Error: Bad parameters for FIT image type
>
> This is especially unfortunate if LEGACY_IMAGE_FORMAT is disabled as
> recommended.
>
> Listing the script configuration in a "sign-images" subnode instead,
> would have added even more complexity to the already complex auto fit
> generation code.
>
> Signed-off-by: Alexander Dahl <ada at thorsis.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240705/6c7cebe8/attachment.sig>
More information about the U-Boot
mailing list