From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Sat, 5 Jan 2013 09:27:04 +0100 Subject: [U-Boot] [RFC PATCH 40/44] mkimage: Add -r option to specify keys that must be verified In-Reply-To: <1357350734-13737-41-git-send-email-sjg@chromium.org> References: <1357350734-13737-1-git-send-email-sjg@chromium.org> <1357350734-13737-41-git-send-email-sjg@chromium.org> Message-ID: <201301050927.04241.marex@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Dear Simon Glass, > Normally, multiple public keys can be provided and U-Boot is not > required to use all of them for verification. This is because some > images may not be signed, or may be optionally signed. > > But we still need a mechanism to determine when a key must be used. > This feature cannot be implemented in the FIT itself, since anyone > could change it to mark a key as optional. The requirement for > key verification must go in with the public keys, in a place that > is protected from modification. > > Add a -r option which tells mkimage to mark all keys that it uses > for signing as 'required'. > > If some keys are optional and some are required, run mkimage several > times (perhaps with different key directories if some keys are very > secret) using the -F flag to update an existing FIT. > > Signed-off-by: Simon Glass Reviewed-by: Marek Vasut Best regards, Marek Vasut