From: Heiko Stuebner heiko.stuebner@theobroma-systems.com
This series makes it possible to sign a generated u-boot.itb automatically even if the its-source got created by a generator script.
To let the SPL know about the key, the -K option for mkimage points to the dts/dt-spl.dtb which can then get included into the spl binary.
Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.
I've split out the the rsa/crypto fixes into a separate series starting at [0].
Simon asked for fit_image_write_sig() to always return an errno code, never an FDT code and suggested that this could be a follow-on patch. So I've kept code that way and will provide a follow up series to convert the return code handling.
[0] https://patchwork.ozlabs.org/project/uboot/patch/20200522141937.3523692-1-he...
changes in v4: - add patch to fix the always defined U_BOOT_ITS in Makefile - adapt Rockchip make_fit_atf to both python2+3 caused by the different crypto-implementations changes in v3: - add patch to fix imx make_fit_atf.sh error handling - split out rsa fixes into separate series changes in v2.1: - depend on $(CONFIG_SPL_FIT_SIGNATURE)$(U_BOOT_ITS) instead of only $(CONFIG_SPL_FIT_GENERATOR) changes in v2: - add received reviews - fix commit message typo - add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT
Heiko Stuebner (6): imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing mkimage: fit_image: handle multiple errors when writing signatures spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support spl: fit: enable signing a generated u-boot.itb spl: fit: add Kconfig option to specify key-hint for fit_generator rockchip: make_fit_atf: add signature handling
Kconfig | 16 ++++++++ Makefile | 13 +++++- arch/arm/mach-imx/mkimage_fit_atf.sh | 4 +- arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++- doc/uImage.FIT/howto.txt | 13 ++++++ tools/image-host.c | 2 +- 6 files changed, 100 insertions(+), 5 deletions(-)