The first patch 0001 is required for patch 0002 as random IV are currently only added to the FIT if the encryption key is also added to the DTB. Patch 0002 then allows to use binman to encrypt data in the FIT generated when mkimage is called by binman, when cipher information are provided.
Paul HENRYS (3): aes: Allow to store randomly generated IV in the FIT tools: binman: Add a property to pass a key directory to mkimage tools: binman: Add tests for FIT with data encrypted by mkimage
lib/aes/aes-encrypt.c | 7 +++ tools/binman/btool/mkimage.py | 5 +- tools/binman/etype/fit.py | 3 + tools/binman/ftest.py | 39 +++++++++++++ tools/binman/test/326_fit_encrypt_data.dts | 53 ++++++++++++++++++ .../test/327_fit_encrypt_data_no_key.dts | 53 ++++++++++++++++++ tools/binman/test/aes256.bin | Bin 0 -> 32 bytes tools/image-host.c | 2 +- 8 files changed, 160 insertions(+), 2 deletions(-) create mode 100644 tools/binman/test/326_fit_encrypt_data.dts create mode 100644 tools/binman/test/327_fit_encrypt_data_no_key.dts create mode 100644 tools/binman/test/aes256.bin