This patch introduces prototype of new sign binman's option. Enhancing the sign procedure, as example:
mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit binman replace -i flash.bin -f fit.fit fit into: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit It works with extracted FIT container and image, which provides key signing of FIT container and replacing of it in directed image. Also it is possible to sign exact FIT container in place. As example: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit Add fdt_add_pubkey utility which provides possibility of add pub keys into DTB. This one needed mostly for test coverage of binman sign option but could be useful when private and pub keys are separated. Depends on "binman: Support updating section contents". Ivan Mikhaylov (3): binman: add documentation for binman sign option binman: add sign option for binman binman: add tests for sign option Roman Kopytin (2): tools: add fdt_add_pubkey test_vboot.py: include test of fdt_add_pubkey tool test/py/tests/test_vboot.py | 8 ++ tools/.gitignore | 1 + tools/Makefile | 3 + tools/binman/binman.rst | 18 ++++ tools/binman/cmdline.py | 13 +++ tools/binman/control.py | 29 +++++- tools/binman/etype/fit.py | 18 ++++ tools/binman/etype/section.py | 3 + tools/binman/ftest.py | 61 +++++++++++++ tools/binman/test/277_fit_sign.dts | 63 +++++++++++++ tools/fdt_add_pubkey.c | 138 +++++++++++++++++++++++++++++ 11 files changed, 354 insertions(+), 1 deletion(-) create mode 100644 tools/binman/test/277_fit_sign.dts create mode 100644 tools/fdt_add_pubkey.c -- 2.39.1