On Mon, May 16, 2022 at 04:11:08PM -0400, Sean Anderson wrote:
This adds support for signing images in auto-generated FITs. To do this, we need to add a signature node. The algorithm name property already has its own option, but we need one for the key name hint. We could have gone the -G route and added an explicit name for the public key (like what is done for the private key). However, many places assume the public key can be constructed from the key dir and hint, and I don't want to do the refactoring necessary.
As a consequence of this, it is now easier to add public keys to an existing image without signing something. This could be done all along, but now you don't have to create an its just to do it. Ideally, we wouldn't create a FIT at the end. This could be done by calling fit_image_setup_sig/info.crypto->add_verify_data directly.
Signed-off-by: Sean Anderson sean.anderson@seco.com
Applied to u-boot/next, thanks!