From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B7F59C433F5 for ; Thu, 25 Nov 2021 19:03:15 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 482CD8321B; Thu, 25 Nov 2021 20:03:12 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 495378365E; Thu, 25 Nov 2021 20:03:10 +0100 (CET) Received: from lizzard.sbs.de (lizzard.sbs.de [194.138.37.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3B33D8321B for ; Thu, 25 Nov 2021 20:03:07 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jan.kiszka@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id 1APJ35lB005483 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Nov 2021 20:03:05 +0100 Received: from md1f2u6c.ad001.siemens.net ([167.87.32.80]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 1APJ35nY010815; Thu, 25 Nov 2021 20:03:05 +0100 From: Jan Kiszka To: U-Boot Mailing List Cc: Simon Glass , Ivan Mikhaylov Subject: [PATCH 0/3] mkimage: allow to specify signing algorithm Date: Thu, 25 Nov 2021 20:03:01 +0100 Message-Id: X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.37 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Another step to decouple the FIT image specification from the actual signing: With these changes, the signature nodes can leave out an algo property, mkimage will initialize that as well while signing. This way, in-tree FIT source files can be prepared for gaining signatures without defining the key type or size upfront, forcing users to patch the code to change that. Patch 1 is preparatory for this, patch 2 a drive-by cleanup. A better solution would actually be if the algorithm was derived from the provided key. But the underlying crypto layer seems to be rather unprepared for that. Jan Jan Kiszka (3): image-fit: Make string of algo parameter constant mkimage: Drop unused OPT_STRING constant mkimage: Allow to specify the signature algorithm on the command line boot/image-fit-sig.c | 2 +- boot/image-fit.c | 8 +++---- doc/mkimage.1 | 5 +++++ include/image.h | 5 +++-- tools/fit_image.c | 3 ++- tools/image-host.c | 50 +++++++++++++++++++++++++------------------- tools/imagetool.h | 1 + tools/mkimage.c | 6 ++++-- 8 files changed, 49 insertions(+), 31 deletions(-) -- 2.31.1