Hi Quentin, From: Quentin Schulz <[email protected]> > Currently, when one wants to use an OpenSSL engine to sign a FIT image, > one needs to pass a keydir (via -k) to mkimage which will then be > prepended to the value of the key-name-hint before being passed as > key_id argument to the OpenSSL Engine API, or pass a keyfile (via -G) to > mkimage. > > My OpenSSL engine only has "slots" which are not mapped like > directories, so using keydir is not proper, though I could simply have > -k '' I guess but this won't work currently with binman anyway. > > Additionally, passing a keyfile when using an engine doesn't make sense > as the key is stored in the engine. > > Let simply allow FIT images be signed if both keydir and keyfile are > missing but an engine is to be used. > > The keyname member is already filled by looking at key-name-hint > property in the FIT and passed verbatim to the engine, which is exactly > what is needed here. > > Signed-off-by: Quentin Schulz <[email protected]> > --- > tools/fit_image.c | 3 ++- > tools/image-host.c | 4 ++-- > 2 files changed, 4 insertions(+), 3 deletions(-)
Reviewed-by: Wolfgang Wallner <[email protected]> Regards, Wolfgang
