Add the documentation about binman sign option and providing an example.
Signed-off-by: Ivan Mikhaylov ivan.mikhaylov@siemens.com --- tools/binman/binman.rst | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/tools/binman/binman.rst b/tools/binman/binman.rst index 771645380e..efa3321b95 100644 --- a/tools/binman/binman.rst +++ b/tools/binman/binman.rst @@ -1005,6 +1005,16 @@ You can also replace just a selection of entries::
$ binman replace -i image.bin "*u-boot*" -I indir
+Signing FIT with private key in an image +--------------------------- + +If your firmware image contains a FIT container you can sign container in +place. For example:: + + $ binman sign -i image.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit + +which will sign the FIT's content with private key and replace it immediately +inside your image.
Logging -------