On Thu, 29 Jun 2023 at 15:59, lukas.funke-oss@weidmueller.com wrote:
From: Lukas Funke lukas.funke@weidmueller.com
This adds a new etype 'u_boot_spl_pubkey_dtb'. The etype adds the public key from a certificate to the dtb. This creates a '/signature' node which is turn contains the fields which make up the public key. Usually this is done by 'mkimage -K'. However, 'binman sign' does not add the public key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke lukas.funke@weidmueller.com
tools/binman/etype/u_boot_spl_pubkey_dtb.py | 105 ++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 tools/binman/etype/u_boot_spl_pubkey_dtb.py
Please can you use 'binman entry-docs >tools/binman/entries.rst' and add to patch?
diff --git a/tools/binman/etype/u_boot_spl_pubkey_dtb.py b/tools/binman/etype/u_boot_spl_pubkey_dtb.py new file mode 100644 index 0000000000..25aa817975 --- /dev/null +++ b/tools/binman/etype/u_boot_spl_pubkey_dtb.py @@ -0,0 +1,105 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2023 Weidmueller GmbH +# Written by Lukas Funke lukas.funke@weidmueller.com +# +# Entry-type module for 'u-boot-spl-pubkey.dtb' +#
+import tempfile +import os
+from binman.etype.blob_dtb import Entry_blob_dtb
+from dtoc import fdt_util
+from u_boot_pylib import tools
+# pylint: disable=C0103 +class Entry_u_boot_spl_pubkey_dtb(Entry_blob_dtb):
- """U-Boot SPL device tree including public key
- Properties / Entry arguments:
- key-name: Public key name without extension (e.g. .crt). Default isdetermined by underlying bintool (fdt_add_pubkey),usually 'key'- algo: (Optional) Algorithm used for signing. Default is determined byunderlying bintool (fdt_add_pubkey), usually 'sha1,rsa2048'- required: (Optional) If present this indicates that the key must beverified for the image / configuration to beconsidered valid- The following example shows an image containing an SPL which
- is packed together with the dtb. Binman will add a signature
- node to the dtb:
image {...spl {filename = "spl.bin"u_boot_spl_nodtb {};u_boot_spl_pubkey_dtb {algo = "sha384,rsa4096";required = "conf";key-name = "dev";};};...}- """
- def __init__(self, section, etype, node):
# Put this here to allow entry-docs and help to work without libfdtglobal statefrom binman import statesuper().__init__(section, etype, node)self.required_props = ['key-name']self.fdt_add_pubkey = Noneself._algo = fdt_util.GetString(self._node, 'algo')self._required = fdt_util.GetString(self._node, 'required')self._keyname = fdt_util.GetString(self._node, 'key-name')- def ObtainContents(self, fake_size=0):
""" Add public key which is pointed out by
Please check comment style. The first line should a summary, then a blank line, then more info
'key-name' to node 'signature' in the spl-dtbThis is equivalent to the '-K' option of 'mkimage'Args:fake_size (int): unused"""# We don't pass fake_size and skip_entry upwards# because this is currently not support by the blob type
supported
super().ObtainContents()with tempfile.NamedTemporaryFile(prefix=os.path.basename(self.GetFdtEtype()),dir=tools.get_output_dir())\as pubkey_tdb:tools.write_file(pubkey_tdb.name, self.GetData())keyname = tools.get_input_filename(self._keyname + ".crt")self.fdt_add_pubkey.run(pubkey_tdb.name,os.path.dirname(keyname),self._keyname,self._required, self._algo)dtb = tools.read_file(pubkey_tdb.name)self.SetContents(dtb)state.UpdateFdtContents(self.GetFdtEtype(), dtb)return True- # pylint: disable=R0201,C0116
- def GetDefaultFilename(self):
return 'spl/u-boot-spl-pubkey.dtb'- # pylint: disable=R0201,C0116
- def GetFdtEtype(self):
return 'u-boot-spl-dtb'- # pylint: disable=R0201,C0116
- def AddBintools(self, btools):
super().AddBintools(btools)self.fdt_add_pubkey = self.AddBintool(btools, 'fdt_add_pubkey')-- 2.30.2
Reviewed-by: Simon Glass sjg@chromium.org
Regards, Simon