diff options
| author | Simon Glass <sjg@chromium.org> | 2013-06-13 15:10:04 -0700 |
|---|---|---|
| committer | Tom Rini <trini@ti.com> | 2013-06-26 10:18:56 -0400 |
| commit | e29495d37f7c0533d365004ca475218250351c93 (patch) | |
| tree | 1ce4db084dea8f629a934abef35140cd79e2b127 /tools/fit_image.c | |
| parent | 80e4df8ac661ada5308f3bffebe4e6fae1f8e990 (diff) | |
| download | olio-uboot-2014.01-e29495d37f7c0533d365004ca475218250351c93.tar.xz olio-uboot-2014.01-e29495d37f7c0533d365004ca475218250351c93.zip | |
mkimage: Add -K to write public keys to an FDT blob
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'tools/fit_image.c')
| -rw-r--r-- | tools/fit_image.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/tools/fit_image.c b/tools/fit_image.c index 339e0f8df..b17fa2d6c 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -105,9 +105,11 @@ static int fit_handle_file (struct mkimage_params *params) { char tmpfile[MKIMAGE_MAX_TMPFILE_LEN]; char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN]; - int tfd; + int tfd, destfd = 0; + void *dest_blob = NULL; struct stat sbuf; void *ptr; + off_t destfd_size = 0; /* Flattened Image Tree (FIT) format handling */ debug ("FIT format handling\n"); @@ -132,12 +134,20 @@ static int fit_handle_file (struct mkimage_params *params) goto err_system; } + if (params->keydest) { + destfd = mmap_fdt(params, params->keydest, &dest_blob, &sbuf); + if (destfd < 0) + goto err_keydest; + destfd_size = sbuf.st_size; + } + tfd = mmap_fdt(params, tmpfile, &ptr, &sbuf); if (tfd < 0) goto err_mmap; /* set hashes for images in the blob */ - if (fit_add_verification_data(params->keydir, NULL, ptr, NULL, 0)) { + if (fit_add_verification_data(params->keydir, dest_blob, ptr, + NULL, 0)) { fprintf (stderr, "%s Can't add hashes to FIT blob", params->cmdname); goto err_add_hashes; @@ -153,6 +163,10 @@ static int fit_handle_file (struct mkimage_params *params) munmap ((void *)ptr, sbuf.st_size); close (tfd); + if (dest_blob) { + munmap(dest_blob, destfd_size); + close(destfd); + } if (rename (tmpfile, params->imagefile) == -1) { fprintf (stderr, "%s: Can't rename %s to %s: %s\n", @@ -168,6 +182,9 @@ err_add_timestamp: err_add_hashes: munmap(ptr, sbuf.st_size); err_mmap: + if (dest_blob) + munmap(dest_blob, destfd_size); +err_keydest: err_system: unlink(tmpfile); return -1; |