From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
This series fixes some issues I found with SPL_FIT_SIGNATURE enabled
and then makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.
To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.
Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.
If the later parts are in doubt, maybe the first patches fixing
obvious errors could land first separately.
changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT
Heiko Stuebner (7):
spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE
spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE
lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY
mkimage: fit_image: handle multiple errors when writing signatures
spl: fit: enable signing a generated u-boot.itb
spl: fit: add Kconfig option to specify key-hint for fit_generator
rockchip: make_fit_atf: add signature handling
Kconfig | 18 +++++++++
Makefile | 11 +++++-
arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++-
doc/uImage.FIT/howto.txt | 13 +++++++
lib/rsa/Makefile | 2 +-
tools/image-host.c | 2 +-
6 files changed, 93 insertions(+), 4 deletions(-)
From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com> This series fixes some issues I found with SPL_FIT_SIGNATURE enabled and then makes it possible to sign a generated u-boot.itb automatically even if the its-source got created by a generator script. To let the SPL know about the key, the -K option for mkimage points to the dts/dt-spl.dtb which can then get included into the spl binary. Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain. If the later parts are in doubt, maybe the first patches fixing obvious errors could land first separately. changes in v2: - add received reviews - fix commit message typo - add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT Heiko Stuebner (7): spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY mkimage: fit_image: handle multiple errors when writing signatures spl: fit: enable signing a generated u-boot.itb spl: fit: add Kconfig option to specify key-hint for fit_generator rockchip: make_fit_atf: add signature handling Kconfig | 18 +++++++++ Makefile | 11 +++++- arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++- doc/uImage.FIT/howto.txt | 13 +++++++ lib/rsa/Makefile | 2 +- tools/image-host.c | 2 +- 6 files changed, 93 insertions(+), 4 deletions(-)