This patch introduces prototype of new sign binman's option. Enhancing the sign procedure, as example:
mkimage -G privateky -r -o sha256,rsa4096 -F fit.fit binman replace -i flash.bin -f fit.fit fit
into: binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
It works with extracted FIT container and image, which provides key signing of FIT container and replacing of it in directed image.
Also it is possible to sign exact FIT container in place. As example:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit
Add fdt_add_pubkey utility which provides possibility of add pub keys into DTB. This one needed mostly for test coverage of binman sign option but could be useful when private and pub keys are separated.
Depends on "binman: Support updating section contents".
Ivan Mikhaylov (3): binman: add documentation for binman sign option binman: add sign option for binman binman: add tests for sign option
Roman Kopytin (2): tools: add fdt_add_pubkey test_vboot.py: include test of fdt_add_pubkey tool
test/py/tests/test_vboot.py | 8 ++ tools/.gitignore | 1 + tools/Makefile | 3 + tools/binman/binman.rst | 18 ++++ tools/binman/cmdline.py | 13 +++ tools/binman/control.py | 29 +++++- tools/binman/etype/fit.py | 18 ++++ tools/binman/etype/section.py | 3 + tools/binman/ftest.py | 61 +++++++++++++ tools/binman/test/277_fit_sign.dts | 63 +++++++++++++ tools/fdt_add_pubkey.c | 138 +++++++++++++++++++++++++++++ 11 files changed, 354 insertions(+), 1 deletion(-) create mode 100644 tools/binman/test/277_fit_sign.dts create mode 100644 tools/fdt_add_pubkey.c