Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / e29495d37f7c0533d365004ca475218250351c93^! / . / tools / mkimage.c
commite29495d37f7c0533d365004ca475218250351c93[log] [tgz]
authorSimon Glass <sjg@chromium.org>Thu Jun 13 15:10:04 2013 -0700
committerTom Rini <trini@ti.com>Wed Jun 26 10:18:56 2013 -0400
tree1ce4db084dea8f629a934abef35140cd79e2b127
parent80e4df8ac661ada5308f3bffebe4e6fae1f8e990 [diff] [blame]
mkimage: Add -K to write public keys to an FDT blob

FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>

diff --git a/tools/mkimage.c b/tools/mkimage.c
index def7df2..3760392 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c

@@ -253,6 +253,11 @@
 					usage();
 				params.keydir = *++argv;
 				goto NXTARG;
+			case 'K':
+				if (--argc <= 0)
+					usage();
+				params.keydest = *++argv;
+				goto NXTARG;
 			case 'n':
 				if (--argc <= 0)
 					usage ();
@@ -633,8 +638,9 @@
 	fprintf(stderr, "          -D => set options for device tree compiler\n"
 			"          -f => input filename for FIT source\n");
 #ifdef CONFIG_FIT_SIGNATURE
-	fprintf(stderr, "Signing / verified boot options: [-k keydir]\n"
-			"          -k => set directory containing private keys\n");
+	fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+			"          -k => set directory containing private keys\n"
+			"          -K => write public keys to this .dtb file\n");
 #else
 	fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
 #endif