From: Marek Vasut <marex@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC PATCH 37/44] mkimage: Add -K to write public keys to an FDT blob
Date: Sat, 5 Jan 2013 09:25:25 +0100 [thread overview]
Message-ID: <201301050925.25341.marex@denx.de> (raw)
In-Reply-To: <1357350734-13737-38-git-send-email-sjg@chromium.org>
Dear Simon Glass,
> FIT image verification requires public keys. Add a convenient option to
> mkimage to write the public keys to an FDT blob when it uses then for
> signing an image. This allows us to use:
>
> mkimage -f test.its -K dest.dtb -k keys test.fit
>
> and have the signatures written to test.fit and the corresponding public
> keys written to dest.dtb. Then dest.dtb can be used as the control FDT
> for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
> public keys it needs.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Best regards,
Marek Vasut
next prev parent reply other threads:[~2013-01-05 8:25 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-05 1:51 [U-Boot] [RFC PATCH 0/44] RFC: Verified boot implementation based on FIT Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 01/44] sandbox: config: Enable CONFIG_FIT and CONFIG_CMD_FIT Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 02/44] bootstage: Don't build for HOSTCC Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 03/44] mkimage: Move ARRAY_SIZE to header file Simon Glass
2013-01-05 8:02 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 04/44] libfdt: Add fdt_next_subnode() to permit easy subnode iteration Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 05/44] image: Move timestamp #ifdefs to header file Simon Glass
2013-01-05 8:03 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 06/44] image: Export fit_check_ramdisk() Simon Glass
2013-01-05 8:04 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 07/44] image: Split FIT code into new image-fit.c Simon Glass
2013-01-05 8:05 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 08/44] image: Move HOSTCC image code to tools/ Simon Glass
2013-01-05 8:07 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 09/44] image: Split hash node processing into its own function Simon Glass
2013-01-05 8:08 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 10/44] image: Convert fit_image_hash_set_value() to static, and rename Simon Glass
2013-01-05 8:09 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 11/44] image: Rename fit_image_check_hashes() to fit_image_verify() Simon Glass
2013-01-05 8:09 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 12/44] image: Move hash checking into its own functions Simon Glass
2013-01-05 8:10 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 13/44] image: Move error! string to common place Simon Glass
2013-01-05 8:11 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 14/44] image: Export fit_conf_get_prop_node() Simon Glass
2013-01-05 8:12 ` Marek Vasut
2013-03-18 20:40 ` Simon Glass
2013-03-18 21:19 ` Marek Vasut
2013-03-18 21:57 ` Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 15/44] image: Rename fit_add_hashes() to fit_add_verification_data() Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 16/44] image: Rename hash printing to fit_image_print_verification_data() Simon Glass
2013-01-05 8:14 ` Marek Vasut
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 17/44] sandbox: Add CONFIG_OF_HOSTFILE to read FDT from host file Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 18/44] fdt: Add a parameter to fdt_valid() Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 19/44] Add getenv_hex() to return an environment variable as hex Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 20/44] fdt: Allow fdt command to check and update control FDT Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 21/44] sandbox: fdt: Support fdt command for sandbox Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 22/44] env: Fix minor comment typos in cmd_nvedit Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 23/44] fdt: Skip checking FDT if the pointer is NULL Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 24/44] Revert "fdt- Tell the FDT library where the device tree is" Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 25/44] Add stdarg to vsprintf.h Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 26/44] Add minor updates to README.fdt-control Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 27/44] hash: Add a way to calculate a hash for any algortihm Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 28/44] sandbox: config: Enable FIT signatures with RSA Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 29/44] sandbox: Provide a way to map from host RAM to U-Boot RAM Simon Glass
2013-01-05 1:51 ` [U-Boot] [RFC PATCH 30/44] sandbox: image: Add support for booting images in sandbox Simon Glass
2013-01-05 8:16 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 31/44] image: Add signing infrastructure Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 32/44] image: Support signing of images Simon Glass
2013-01-05 8:19 ` Marek Vasut
2013-01-05 21:50 ` Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 33/44] image: Verify signatures in FIT images Simon Glass
2013-01-05 8:20 ` Marek Vasut
2013-01-05 21:48 ` Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 34/44] image: Add RSA support for image signing Simon Glass
2013-01-05 8:23 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 35/44] mkimage: Put FIT loading in function and tidy error handling Simon Glass
2013-01-05 8:24 ` Marek Vasut
2013-01-05 21:51 ` Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 36/44] mkimage: Add -k option to specify key directory Simon Glass
2013-01-05 8:24 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 37/44] mkimage: Add -K to write public keys to an FDT blob Simon Glass
2013-01-05 8:25 ` Marek Vasut [this message]
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 38/44] mkimage: Add -F option to modify an existing .fit file Simon Glass
2013-01-05 8:26 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 39/44] mkimage: Add -c option to specify a comment for key signing Simon Glass
2013-01-05 8:26 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 40/44] mkimage: Add -r option to specify keys that must be verified Simon Glass
2013-01-05 8:27 ` Marek Vasut
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 41/44] libfdt: Add fdt_find_regions() Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 42/44] image: Add support for signing of FIT configurations Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 43/44] Add verified boot information and test Simon Glass
2013-01-05 1:52 ` [U-Boot] [RFC PATCH 44/44] WIP: sandbox: config: Add test config for verified boot Simon Glass
2013-03-08 4:25 ` [U-Boot] [RFC PATCH 0/44] RFC: Verified boot implementation based on FIT Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201301050925.25341.marex@denx.de \
--to=marex@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox