Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass s...@chromium.org
---
doc/mkimage.1 |6 ++
tools/fit_image.c |5 +++--
tools/mkimage.c |7 +--
tools/mkimage.h |1 +
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/doc/mkimage.1 b/doc/mkimage.1
index b67a351..14374da 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -133,6 +133,12 @@ the corresponding public key is written into this file for
for run-time
verification. Typically the file here is the device tree binary used by
CONFIG_OF_CONTROL in U-Boot.
+.TP
+.BI \-r
+Specifies that keys used to sign the FIT are required. This means that they
+must be verified for the image to boot. Without this option, the verification
+will be optional (useful for testing but not for release).
+
.SH EXAMPLES
List image information:
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 82f1597..0b9f091 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -153,8 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
/* set hashes for images in the blob */
if (fit_add_verification_data(params-keydir,
- dest_blob, ptr, params-comment, 0)) {
- fprintf (stderr, %s Can't add hashes to FIT blob,
+ dest_blob, ptr, params-comment,
+ params-require_keys)) {
+ fprintf(stderr, %s Can't add hashes to FIT blob\n,
params-cmdname);
goto err_add_hashes;
}
diff --git a/tools/mkimage.c b/tools/mkimage.c
index d6e47a5..8af84ce 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -270,6 +270,9 @@ main (int argc, char **argv)
usage ();
params.imagename = *++argv;
goto NXTARG;
+ case 'r':
+ params.require_keys = 1;
+ break;
case 'R':
if (--argc = 0)
usage();
@@ -641,8 +644,8 @@ usage ()
-x == set XIP (execute in place)\n,
params.cmdname);
fprintf(stderr,%s [-k keydir] [-K dtb] [-D dtc_options]
-[ -c comment] [-f fit-image.its|-F] fit-image\n,
- params.cmdname);
+[ -c comment] [-f fit-image.its|-F] [-r]
+fit-image\n, params.cmdname);
fprintf (stderr,%s -V == print version information and
exit\n,
params.cmdname);
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 4391ca8..d82be17 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -78,6 +78,7 @@ struct mkimage_params {
const char *keydir; /* Directory holding private keys */
const char *keydest;/* Destination .dtb for public key */
const char *comment;/* Comment to add to signature node */
+ int require_keys; /* 1 to mark signing keys as 'required' */
};
/*
--
1.7.7.3
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
