From: Ivan Mikhaylov <fr0st61te@gmail.com>
To: Simon Glass <sjg@chromium.org>, Jan Kiszka <jan.kiszka@siemens.com>
Cc: u-boot@lists.denx.de, Ivan Mikhaylov <fr0st61te@gmail.com>
Subject: [PATCH v2 0/5] Introduce new sign binman's option
Date: Wed, 8 Mar 2023 01:13:37 +0000 [thread overview]
Message-ID: <20230308011342.21992-1-fr0st61te@gmail.com> (raw)
This patch introduces prototype of new sign binman's option.
Enhancing the sign procedure, as example:
mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit
binman replace -i flash.bin -f fit.fit fit
into:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
It works with extracted FIT container and image, which provides key signing
of FIT container and replacing of it in directed image.
Also it is possible to sign exact FIT container in place.
As example:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit
Add fdt_add_pubkey utility which provides possibility of add pub keys
into DTB. This one needed mostly for test coverage of binman sign option
but could be useful when private and pub keys are separated.
Depends on "binman: Support updating section contents".
Ivan Mikhaylov (3):
binman: add documentation for binman sign option
binman: add sign option for binman
binman: add tests for sign option
Roman Kopytin (2):
tools: add fdt_add_pubkey
test_vboot.py: include test of fdt_add_pubkey tool
test/py/tests/test_vboot.py | 8 ++
tools/.gitignore | 1 +
tools/Makefile | 3 +
tools/binman/binman.rst | 18 ++++
tools/binman/cmdline.py | 13 +++
tools/binman/control.py | 29 +++++-
tools/binman/etype/fit.py | 18 ++++
tools/binman/etype/section.py | 3 +
tools/binman/ftest.py | 61 +++++++++++++
tools/binman/test/277_fit_sign.dts | 63 +++++++++++++
tools/fdt_add_pubkey.c | 138 +++++++++++++++++++++++++++++
11 files changed, 354 insertions(+), 1 deletion(-)
create mode 100644 tools/binman/test/277_fit_sign.dts
create mode 100644 tools/fdt_add_pubkey.c
--
2.39.1
next reply other threads:[~2023-03-08 13:20 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-08 1:13 Ivan Mikhaylov [this message]
2023-03-08 1:13 ` [PATCH v2 1/5] binman: add documentation for binman sign option Ivan Mikhaylov
2023-03-11 1:47 ` Simon Glass
2023-03-12 17:36 ` Simon Glass
2023-03-08 1:13 ` [PATCH v2 2/5] binman: add sign option for binman Ivan Mikhaylov
2023-03-11 1:37 ` Simon Glass
2023-03-11 1:47 ` Simon Glass
2023-03-12 17:36 ` Simon Glass
2023-03-08 1:13 ` [PATCH v2 3/5] binman: add tests for sign option Ivan Mikhaylov
2023-03-11 1:47 ` Simon Glass
2023-03-11 1:48 ` Simon Glass
2023-03-12 17:36 ` Simon Glass
2023-03-08 1:13 ` [PATCH v2 4/5] tools: add fdt_add_pubkey Ivan Mikhaylov
2023-03-11 1:47 ` Simon Glass
2023-03-08 1:13 ` [PATCH v2 5/5] test_vboot.py: include test of fdt_add_pubkey tool Ivan Mikhaylov
2023-03-11 1:46 ` Simon Glass
2023-03-16 4:17 ` Ivan Mikhaylov
2023-03-16 13:59 ` Simon Glass
2023-03-16 17:45 ` Ivan Mikhaylov
2023-03-16 21:49 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230308011342.21992-1-fr0st61te@gmail.com \
--to=fr0st61te@gmail.com \
--cc=jan.kiszka@siemens.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox