On 25.11.21 20:03, Jan Kiszka wrote:
Another step to decouple the FIT image specification from the actual
signing: With these changes, the signature nodes can leave out an algo
property, mkimage will initialize that as well while signing. This way,
in-tree FIT source files can be prepared for gaining signatures without
defining the key type or size upfront, forcing users to patch the code
to change that.
Patch 1 is preparatory for this, patch 2 a drive-by cleanup.
A better solution would actually be if the algorithm was derived from
the provided key. But the underlying crypto layer seems to be rather
unprepared for that.
Jan
Jan Kiszka (3):
image-fit: Make string of algo parameter constant
mkimage: Drop unused OPT_STRING constant
mkimage: Allow to specify the signature algorithm on the command line
boot/image-fit-sig.c | 2 +-
boot/image-fit.c | 8 +++----
doc/mkimage.1 | 5 +++++
include/image.h | 5 +++--
tools/fit_image.c | 3 ++-
tools/image-host.c | 50 +++++++++++++++++++++++++-------------------
tools/imagetool.h | 1 +
tools/mkimage.c | 6 ++++--
8 files changed, 49 insertions(+), 31 deletions(-)
Ping on this series.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
