public inbox for u-boot@lists.denx.de
From: Heiko Stuebner <heiko@sntech.de>
To: u-boot@lists.denx.de
Subject: [PATCH v4 5/6] spl: fit: add Kconfig option to specify key-hint for fit_generator
Date: Fri, 19 Jun 2020 12:45:49 +0200
Message-ID: <20200619104550.1972307-6-heiko@sntech.de>
In-Reply-To: <20200619104550.1972307-1-heiko@sntech.de>

From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>

The u-boot.itb can be generated either from a static .its that can
simply include the needed signature nodes with key-hints or from a
fit-generator script referenced in CONFIG_SPL_FIT_GENERATOR.

In the script-case it will need to know what key to include for the
key-hint and specified algorithm, so add an option for that key-name.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
---
 Kconfig                  |  8 ++++++++
 doc/uImage.FIT/howto.txt | 13 +++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/Kconfig b/Kconfig
index 05a13d1836..de144ae430 100644
--- a/Kconfig
+++ b/Kconfig
@@ -548,6 +548,14 @@ config SPL_FIT_GENERATOR
 	  passed a list of supported device tree file stub names to
 	  include in the generated image.
 
+config SPL_FIT_GENERATOR_KEY_HINT
+	string "key hint for signing U-Boot FIT image"
+	depends on SPL_FIT_SIGNATURE
+	default "dev"
+	help
+	  The key hint to store in both the generated .its file as well as
+	  u-boot-key.dtb generated separately and embedded into the SPL.
+
 endif # SPL
 
 endif # FIT
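Review bot: The help text for SPL_FIT_GENERATOR_KEY_HINT does not say how the hint relates to the key material, and with default "dev" a configuration that enables SPL_FIT_SIGNATURE without touching this option ends up with a key hint nobody chose. Consider stating in the help that the value names the key to be looked up in the signing key directory and, if "dev" is meant as a development-only default, saying so. The entry also depends only on SPL_FIT_SIGNATURE although, per the commit message, the value is only needed in the fit-generator script case, so it is offered to boards using a static .its as well; a dependency on a non-empty SPL_FIT_GENERATOR would hide it there. Minor: "both the generated .its file as well as u-boot-key.dtb" reads better as "both ... and".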
diff --git a/doc/uImage.FIT/howto.txt b/doc/uImage.FIT/howto.txt
index 8592719685..f409b3770e 100644
--- a/doc/uImage.FIT/howto.txt
+++ b/doc/uImage.FIT/howto.txt
@@ -66,6 +66,19 @@ can point to a script which generates this image source file during
 the build process. It gets passed a list of device tree files (taken from the
 CONFIG_OF_LIST symbol).
 
+Signing u-boot.itb with SPL_FIT_GENERATOR
+-----------------------------------------
+
+u-boot.itb can be signed to verify the integrity of its components.
+When CONFIG_SPL_FIT_SIGNATURE is enabled the CONFIG_SPL_FIT_SIGNATURE_KEY_DIR
+option can be used to specifiy the key directory - either a relative or
+absolute path.
+
+See signature.txt for general signature handling, but when
+CONFIG_SPL_FIT_GENERATOR is used the option CONFIG_SPL_FIT_GENERATOR_KEY_HINT
+can be used to specify the key-hint that should be included into the
+created u-boot.its by the generator.
+
 Example 1 -- old-style (non-FDT) kernel booting
 -----------------------------------------------
 
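Review bot: In the new "Signing u-boot.itb with SPL_FIT_GENERATOR" section, "specifiy" should be "specify", and "either a relative or absolute path" does not say what a relative CONFIG_SPL_FIT_SIGNATURE_KEY_DIR is resolved against (source tree or build directory), which matters for out-of-tree builds. The second paragraph could also mention that CONFIG_SPL_FIT_GENERATOR_KEY_HINT defaults to "dev" and that, per the Kconfig help, the same hint is stored in the u-boot-key.dtb embedded into the SPL, so readers know both places have to agree with the key they actually sign with.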
-- 
2.26.2

Thread overview: 13+ messages
2020-06-19 10:45 [PATCH v4 0/6] rockchip: make it possible to sign the u-boot.itb Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 1/6] imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 2/6] mkimage: fit_image: handle multiple errors when writing signatures Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 3/6] spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support Heiko Stuebner
2020-06-19 10:45 ` [PATCH v4 4/6] spl: fit: enable signing a generated u-boot.itb Heiko Stuebner
2020-06-19 10:45 ` Heiko Stuebner [this message]
2020-06-19 10:45 ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling Heiko Stuebner
2020-06-26  1:12   ` Simon Glass
2020-07-07 12:00     ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling [Please note: this mail was sent by sjg@google.com on behalf of the sender] Kever Yang
2020-07-10  0:35       ` Simon Glass
2020-06-30 12:36   ` [PATCH v4 6/6] rockchip: make_fit_atf: add signature handling Tom Rini
2020-06-30 12:46     ` Heiko Stübner
2020-06-30 13:04       ` Tom Rini
