mbox series

[v2,0/7] rockchip: make it possible to sign the u-boot.itb

Message ID 20200421002333.111461-1-heiko@sntech.de
Headers show
Series rockchip: make it possible to sign the u-boot.itb | expand

Message

Heiko Stuebner April 21, 2020, 12:23 a.m. UTC
From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>

This series fixes some issues I found with SPL_FIT_SIGNATURE enabled
and then makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.

To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.

Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.


If the later parts are in doubt, maybe the first patches fixing
obvious errors could land first separately.


changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT

Heiko Stuebner (7):
  spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE
  spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE
  lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY
  mkimage: fit_image: handle multiple errors when writing signatures
  spl: fit: enable signing a generated u-boot.itb
  spl: fit: add Kconfig option to specify key-hint for fit_generator
  rockchip: make_fit_atf: add signature handling

 Kconfig                                | 18 +++++++++
 Makefile                               | 11 +++++-
 arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++-
 doc/uImage.FIT/howto.txt               | 13 +++++++
 lib/rsa/Makefile                       |  2 +-
 tools/image-host.c                     |  2 +-
 6 files changed, 93 insertions(+), 4 deletions(-)