From: Ivan Mikhaylov ivan.mikhaylov@siemens.com
This patch introduces prototype of new sign binman's option. It doesn't looks good for now but it shows how sign process can be done. Just enhancing sign procedure, as example from: mkimage -G privateky -r -o sha256,rsa4096 -F fit@0x280000.fit binman replace -i flash.bin -f fit@0x280000.fit fit@0x280000
into: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit@0x280000.fit fit@0x280000
1. Is it needed at all? I think, it improves the way of signing, maybe there is some other opinions on this spot? 2. I hope, that `mkimage sign` can be replaced with python code instead of tools.Run. 3. And what things/cases should be covered in case of approval of such option? Tests? 4. Also this option may cover cases like for TI's K3 architectures, it may replace things like tools/k3_gen_x509_cert.sh with binman sign option.
Also this patch refers on https://lists.denx.de/pipermail/u-boot/2021-November/468282.html with algo option for mkimage.
Ivan Mikhaylov (1): binman: add sign option for binman
tools/binman/cmdline.py | 13 +++++++++++++ tools/binman/control.py | 27 ++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-)
--