From: Heiko Stuebner <heiko@sntech.de>
To: u-boot@lists.denx.de
Subject: [PATCH v4 0/6] rockchip: make it possible to sign the u-boot.itb
Date: Fri, 19 Jun 2020 12:45:44 +0200 [thread overview]
Message-ID: <20200619104550.1972307-1-heiko@sntech.de> (raw)
From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
This series makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.
To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.
Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.
I've split out the the rsa/crypto fixes into a separate series
starting at [0].
Simon asked for fit_image_write_sig() to always return an errno code,
never an FDT code and suggested that this could be a follow-on patch.
So I've kept code that way and will provide a follow up series
to convert the return code handling.
[0] https://patchwork.ozlabs.org/project/uboot/patch/20200522141937.3523692-1-heiko at sntech.de/
changes in v4:
- add patch to fix the always defined U_BOOT_ITS in Makefile
- adapt Rockchip make_fit_atf to both python2+3 caused by the
different crypto-implementations
changes in v3:
- add patch to fix imx make_fit_atf.sh error handling
- split out rsa fixes into separate series
changes in v2.1:
- depend on $(CONFIG_SPL_FIT_SIGNATURE)$(U_BOOT_ITS)
instead of only $(CONFIG_SPL_FIT_GENERATOR)
changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT
Heiko Stuebner (6):
imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing
mkimage: fit_image: handle multiple errors when writing signatures
spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support
spl: fit: enable signing a generated u-boot.itb
spl: fit: add Kconfig option to specify key-hint for fit_generator
rockchip: make_fit_atf: add signature handling
Kconfig | 16 ++++++++
Makefile | 13 +++++-
arch/arm/mach-imx/mkimage_fit_atf.sh | 4 +-
arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++-
doc/uImage.FIT/howto.txt | 13 ++++++
tools/image-host.c | 2 +-
6 files changed, 100 insertions(+), 5 deletions(-)
--
2.26.2
next reply other threads:[~2020-06-19 10:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 10:45 Heiko Stuebner [this message]
2020-06-19 10:45 ` [PATCH v4 1/6] imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 2/6] mkimage: fit_image: handle multiple errors when writing signatures Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 3/6] spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 4/6] spl: fit: enable signing a generated u-boot.itb Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 5/6] spl: fit: add Kconfig option to specify key-hint for fit_generator Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling Heiko Stuebner
2020-06-26 1:12 ` Simon Glass
2020-07-07 12:00 ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling【请注意,邮件由sjg@google.com代发】 Kever Yang
2020-07-10 0:35 ` Simon Glass
2020-06-30 12:36 ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling Tom Rini
2020-06-30 12:46 ` Heiko Stübner
2020-06-30 13:04 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200619104550.1972307-1-heiko@sntech.de \
--to=heiko@sntech.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox