
From: Christian Taedcke <christian.taedcke@weidmueller.com>

This series adds the functionality to handle externally encrypted blobs to binman. It includes the functionality itself and the corresponding unit tests. The generated device tree structure is similar to the structure used in the already implemented cipher node in boot/image-cipher.c.

The following block shows an example of how to use this functionality. In the device tree that is parsed by binman, a new node encrypted is used:

/ {
	binman {
		filename = "u-boot.itb";
		fit {
			...
			images {
				some-bitstream {
					...
					image_bitstream: blob-ext {
						filename = "bitstream.bin";
					};
					encrypted {
						content = <&image_bitstream>;
						algo = "aes256-gcm";
						key-name-hint = "keyname";
						iv-filename = "bitstream.bin.iv";
						key-filename = "bitstream.bin.key";
					};
	...

This results in a generated FIT image containing the following information:

/ {
	cipher {
		key-aes256-gcm-keyname {
			key = <0x...>;
			iv = <0x...>;
		};
	};

	images {
		...
		some-bitstream {
			...
			data = [...]
			cipher {
				algo = "aes256-gcm";
				key-name-hint = "keyname";
			};
		};
	...

Christian Taedcke (3):
  binman: Add support for externally encrypted blobs
  binman: Allow cipher node as special section
  binman: Add tests for etype encrypted

 tools/binman/etype/encrypted.py               | 98 +++++++++++++++++++
 tools/binman/etype/section.py                 |  2 +-
 tools/binman/ftest.py                         | 69 +++++++++++++
 .../binman/test/282_encrypted_no_content.dts  | 15 +++
 tools/binman/test/283_encrypted_no_algo.dts   | 19 ++++
 .../test/284_encrypted_invalid_iv_file.dts    | 22 +++++
 tools/binman/test/285_encrypted.dts           | 29 ++++++
 tools/binman/test/286_encrypted_key_file.dts  | 30 ++++++
 .../test/287_encrypted_iv_name_hint.dts       | 30 ++++++
 9 files changed, 313 insertions(+), 1 deletion(-)
 create mode 100644 tools/binman/etype/encrypted.py
 create mode 100644 tools/binman/test/282_encrypted_no_content.dts
 create mode 100644 tools/binman/test/283_encrypted_no_algo.dts
 create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts
 create mode 100644 tools/binman/test/285_encrypted.dts
 create mode 100644 tools/binman/test/286_encrypted_key_file.dts
 create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts
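
The mapping described in the cover letter above, from the properties of an encrypted node to the two generated cipher nodes, modelled as an added example (this is not the code in tools/binman/etype/encrypted.py). The helper names, the set of mandatory properties, the optional key-filename and the 32-bit cell formatting are assumptions; the key and IV files are constructed sample data.

```python
import os
import tempfile

# Assumption: which properties are mandatory is not stated in the cover letter.
REQUIRED = ("content", "algo", "key-name-hint", "iv-filename")


def cells(data):
    """Format bytes as 32-bit devicetree cells: <0x00010203 0x04050607>."""
    if not data or len(data) % 4:
        raise ValueError("need a non-empty multiple of 4 bytes")
    return "<" + " ".join("0x" + data[i:i + 4].hex()
                          for i in range(0, len(data), 4)) + ">"


def load(basedir, fname):
    with open(os.path.join(basedir, fname), "rb") as f:
        return f.read()


def cipher_nodes(props, basedir="."):
    """Return (root-level cipher node, per-image cipher node) as DTS text."""
    missing = [p for p in REQUIRED if p not in props]
    if missing:
        raise ValueError("encrypted node lacks: " + ", ".join(missing))
    algo, hint = props["algo"], props["key-name-hint"]
    entries = []
    if "key-filename" in props:  # assumed optional; copies the raw key in
        entries.append(("key", load(basedir, props["key-filename"])))
    entries.append(("iv", load(basedir, props["iv-filename"])))
    body = "".join(f"\t\t{name} = {cells(val)};\n" for name, val in entries)
    root = f"cipher {{\n\tkey-{algo}-{hint} {{\n{body}\t}};\n}};\n"
    image = (f'cipher {{\n\talgo = "{algo}";\n'
             f'\tkey-name-hint = "{hint}";\n}};\n')
    return root, image


def demo():
    """Run the model on constructed key/IV files (not real key material)."""
    props = {"content": "&image_bitstream", "algo": "aes256-gcm",
             "key-name-hint": "keyname", "iv-filename": "bitstream.bin.iv",
             "key-filename": "bitstream.bin.key"}
    with tempfile.TemporaryDirectory() as d:
        for fname, data in (("bitstream.bin.iv", bytes(range(12))),
                            ("bitstream.bin.key", bytes(range(32)))):
            with open(os.path.join(d, fname), "wb") as f:
                f.write(data)
        return cipher_nodes(props, d)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In this model, supplying key-filename places the key bytes in the root cipher node of the image in the clear, matching the key = <0x...> property shown in the generated structure above.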