When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements.
Signed-off-by: Simon Glass sjg@chromium.org Reviewed-by: Marek Vasut marex@denx.de --- Changes in v2: - Adjust mkimage help to separate out signing options - Rebase on previous patches
doc/mkimage.1 | 6 ++++++ tools/fit_image.c | 4 ++-- tools/mkimage.c | 8 +++++++- tools/mkimage.h | 1 + 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/doc/mkimage.1 b/doc/mkimage.1 index f9c733a..b67a351 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -97,6 +97,12 @@ Set XIP (execute in place) flag. .B Create FIT image:
.TP +.BI "-c [" "comment" "]" +Specifies a comment to be added when signing. This is typically a useful +message which describes how the image was signed or some other useful +information. + +.TP .BI "-D [" "dtc options" "]" Provide special options to the device tree compiler that is used to create the image. diff --git a/tools/fit_image.c b/tools/fit_image.c index 645e93c..d48f571 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
/* set hashes for images in the blob */ if (fit_add_verification_data(params->keydir, dest_blob, ptr, - NULL, 0)) { + params->comment, 0)) { fprintf (stderr, "%s Can't add hashes to FIT blob", - params->cmdname); + params->cmdname); goto err_add_hashes; }
diff --git a/tools/mkimage.c b/tools/mkimage.c index e2b82d0..b3b45a4 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -183,6 +183,11 @@ main (int argc, char **argv) genimg_get_arch_id (*++argv)) < 0) usage (); goto NXTARG; + case 'c': + if (--argc <= 0) + usage(); + params.comment = *++argv; + goto NXTARG; case 'C': if ((--argc <= 0) || (params.comp = @@ -640,9 +645,10 @@ usage () fprintf(stderr, " -D => set options for device tree compiler\n" " -f => input filename for FIT source\n"); #ifdef CONFIG_FIT_SIGNATURE - fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n" + fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" + " -c => add comment in signature node\n" " -F => re-sign existing FIT image\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); diff --git a/tools/mkimage.h b/tools/mkimage.h index 41bec21..4391ca8 100644 --- a/tools/mkimage.h +++ b/tools/mkimage.h @@ -77,6 +77,7 @@ struct mkimage_params { char *cmdname; const char *keydir; /* Directory holding private keys */ const char *keydest; /* Destination .dtb for public key */ + const char *comment; /* Comment to add to signature node */ };
/*