diff options
| author | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2021-02-19 12:45:17 -0600 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2021-04-14 15:23:01 -0400 |
| commit | 36bfcb62b3e7b846d0b693828df54a0d58e07511 (patch) | |
| tree | 03d50859acde65af4076bd5565c71e3ae765a3c7 /tools/image-host.c | |
| parent | fb6532ec6c0c247dc204f65cb298d0865f7eaf3b (diff) | |
| download | u-boot-36bfcb62b3e7b846d0b693828df54a0d58e07511.zip u-boot-36bfcb62b3e7b846d0b693828df54a0d58e07511.tar.gz u-boot-36bfcb62b3e7b846d0b693828df54a0d58e07511.tar.bz2 | |
mkimage: Add a 'keyfile' argument for image signing
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.
Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'tools/image-host.c')
| -rw-r--r-- | tools/image-host.c | 58 |
1 files changed, 32 insertions, 26 deletions
diff --git a/tools/image-host.c b/tools/image-host.c index 33a22412..270d36f 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -153,8 +153,9 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, } static int fit_image_setup_sig(struct image_sign_info *info, - const char *keydir, void *fit, const char *image_name, - int noffset, const char *require_keys, const char *engine_id) + const char *keydir, const char *keyfile, void *fit, + const char *image_name, int noffset, const char *require_keys, + const char *engine_id) { const char *node_name; char *algo_name; @@ -171,6 +172,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, memset(info, '\0', sizeof(*info)); info->keydir = keydir; + info->keyfile = keyfile; info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); info->fit = fit; info->node_offset = noffset; @@ -207,8 +209,8 @@ static int fit_image_setup_sig(struct image_sign_info *info, * @engine_id: Engine to use for signing * @return 0 if ok, -1 on error */ -static int fit_image_process_sig(const char *keydir, void *keydest, - void *fit, const char *image_name, +static int fit_image_process_sig(const char *keydir, const char *keyfile, + void *keydest, void *fit, const char *image_name, int noffset, const void *data, size_t size, const char *comment, int require_keys, const char *engine_id, const char *cmdname) @@ -220,8 +222,9 @@ static int fit_image_process_sig(const char *keydir, void *keydest, uint value_len; int ret; - if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset, - require_keys ? "image" : NULL, engine_id)) + if (fit_image_setup_sig(&info, keydir, keyfile, fit, image_name, + noffset, require_keys ? "image" : NULL, + engine_id)) return -1; node_name = fit_get_name(fit, noffset, NULL); @@ -598,9 +601,10 @@ int fit_image_cipher_data(const char *keydir, void *keydest, * @engine_id: Engine to use for signing * @return: 0 on success, <0 on failure */ -int fit_image_add_verification_data(const char *keydir, void *keydest, - void *fit, int image_noffset, const char *comment, - int require_keys, const char *engine_id, const char *cmdname) +int fit_image_add_verification_data(const char *keydir, const char *keyfile, + void *keydest, void *fit, int image_noffset, + const char *comment, int require_keys, const char *engine_id, + const char *cmdname) { const char *image_name; const void *data; @@ -632,10 +636,10 @@ int fit_image_add_verification_data(const char *keydir, void *keydest, strlen(FIT_HASH_NODENAME))) { ret = fit_image_process_hash(fit, image_name, noffset, data, size); - } else if (IMAGE_ENABLE_SIGN && keydir && + } else if (IMAGE_ENABLE_SIGN && (keydir || keyfile) && !strncmp(node_name, FIT_SIG_NODENAME, strlen(FIT_SIG_NODENAME))) { - ret = fit_image_process_sig(keydir, keydest, + ret = fit_image_process_sig(keydir, keyfile, keydest, fit, image_name, noffset, data, size, comment, require_keys, engine_id, cmdname); } @@ -918,10 +922,10 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset, return 0; } -static int fit_config_process_sig(const char *keydir, void *keydest, - void *fit, const char *conf_name, int conf_noffset, - int noffset, const char *comment, int require_keys, - const char *engine_id, const char *cmdname) +static int fit_config_process_sig(const char *keydir, const char *keyfile, + void *keydest, void *fit, const char *conf_name, + int conf_noffset, int noffset, const char *comment, + int require_keys, const char *engine_id, const char *cmdname) { struct image_sign_info info; const char *node_name; @@ -938,7 +942,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, ®ion_count, ®ion_prop, ®ion_proplen)) return -1; - if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset, + if (fit_image_setup_sig(&info, keydir, keyfile, fit, conf_name, noffset, require_keys ? "conf" : NULL, engine_id)) return -1; @@ -983,9 +987,10 @@ static int fit_config_process_sig(const char *keydir, void *keydest, return 0; } -static int fit_config_add_verification_data(const char *keydir, void *keydest, - void *fit, int conf_noffset, const char *comment, - int require_keys, const char *engine_id, const char *cmdname) +static int fit_config_add_verification_data(const char *keydir, + const char *keyfile, void *keydest, void *fit, int conf_noffset, + const char *comment, int require_keys, const char *engine_id, + const char *cmdname) { const char *conf_name; int noffset; @@ -1002,7 +1007,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, node_name = fit_get_name(fit, noffset, NULL); if (!strncmp(node_name, FIT_SIG_NODENAME, strlen(FIT_SIG_NODENAME))) { - ret = fit_config_process_sig(keydir, keydest, + ret = fit_config_process_sig(keydir, keyfile, keydest, fit, conf_name, conf_noffset, noffset, comment, require_keys, engine_id, cmdname); } @@ -1048,9 +1053,10 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit, return 0; } -int fit_add_verification_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys, - const char *engine_id, const char *cmdname) +int fit_add_verification_data(const char *keydir, const char *keyfile, + void *keydest, void *fit, const char *comment, + int require_keys, const char *engine_id, + const char *cmdname) { int images_noffset, confs_noffset; int noffset; @@ -1072,7 +1078,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, * Direct child node of the images parent node, * i.e. component image node. */ - ret = fit_image_add_verification_data(keydir, keydest, + ret = fit_image_add_verification_data(keydir, keyfile, keydest, fit, noffset, comment, require_keys, engine_id, cmdname); if (ret) @@ -1080,7 +1086,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, } /* If there are no keys, we can't sign configurations */ - if (!IMAGE_ENABLE_SIGN || !keydir) + if (!IMAGE_ENABLE_SIGN || !(keydir || keyfile)) return 0; /* Find configurations parent node offset */ @@ -1095,7 +1101,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, for (noffset = fdt_first_subnode(fit, confs_noffset); noffset >= 0; noffset = fdt_next_subnode(fit, noffset)) { - ret = fit_config_add_verification_data(keydir, keydest, + ret = fit_config_add_verification_data(keydir, keyfile, keydest, fit, noffset, comment, require_keys, engine_id, cmdname); |