When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Marek Vasut <ma...@denx.de>
---
Changes in v2:
- Adjust mkimage help to separate out signing options
- Rebase on previous patches
doc/mkimage.1 | 6 ++++++
tools/fit_image.c | 4 ++--
tools/mkimage.c | 8 +++++++-
tools/mkimage.h | 1 +
4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/doc/mkimage.1 b/doc/mkimage.1
index f9c733a..b67a351 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -97,6 +97,12 @@ Set XIP (execute in place) flag.
.B Create FIT image:
.TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
+.TP
.BI "\-D [" "dtc options" "]"
Provide special options to the device tree compiler that is used to
create the image.
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 645e93c..d48f571 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
/* set hashes for images in the blob */
if (fit_add_verification_data(params->keydir, dest_blob, ptr,
- NULL, 0)) {
+ params->comment, 0)) {
fprintf (stderr, "%s Can't add hashes to FIT blob",
- params->cmdname);
+ params->cmdname);
goto err_add_hashes;
}
diff --git a/tools/mkimage.c b/tools/mkimage.c
index e2b82d0..b3b45a4 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -183,6 +183,11 @@ main (int argc, char **argv)
genimg_get_arch_id (*++argv)) < 0)
usage ();
goto NXTARG;
+ case 'c':
+ if (--argc <= 0)
+ usage();
+ params.comment = *++argv;
+ goto NXTARG;
case 'C':
if ((--argc <= 0) ||
(params.comp =
@@ -640,9 +645,10 @@ usage ()
fprintf(stderr, " -D => set options for device tree compiler\n"
" -f => input filename for FIT source\n");
#ifdef CONFIG_FIT_SIGNATURE
- fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K
dtb]\n"
+ fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]
[ -c <comment>]\n"
" -k => set directory containing private
keys\n"
" -K => write public keys to this .dtb file\n"
+ " -c => add comment in signature node\n"
" -F => re-sign existing FIT image\n");
#else
fprintf(stderr, "Signing / verified boot not supported
(CONFIG_FIT_SIGNATURE undefined)\n");
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 41bec21..4391ca8 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -77,6 +77,7 @@ struct mkimage_params {
char *cmdname;
const char *keydir; /* Directory holding private keys */
const char *keydest; /* Destination .dtb for public key */
+ const char *comment; /* Comment to add to signature node */
};
/*
--
1.8.1.3
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
