From patchwork Tue Apr 21 00:23:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Stuebner X-Patchwork-Id: 238139 List-Id: U-Boot discussion From: heiko at sntech.de (Heiko Stuebner) Date: Tue, 21 Apr 2020 02:23:26 +0200 Subject: [PATCH v2 0/7] rockchip: make it possible to sign the u-boot.itb Message-ID: <20200421002333.111461-1-heiko@sntech.de> From: Heiko Stuebner This series fixes some issues I found with SPL_FIT_SIGNATURE enabled and then makes it possible to sign a generated u-boot.itb automatically even if the its-source got created by a generator script. To let the SPL know about the key, the -K option for mkimage points to the dts/dt-spl.dtb which can then get included into the spl binary. Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain. If the later parts are in doubt, maybe the first patches fixing obvious errors could land first separately. changes in v2: - add received reviews - fix commit message typo - add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT Heiko Stuebner (7): spl: fit: select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE spl: fit: select SPL_CRYPTO_SUPPORT for SPL_FIT_SIGNATURE lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY mkimage: fit_image: handle multiple errors when writing signatures spl: fit: enable signing a generated u-boot.itb spl: fit: add Kconfig option to specify key-hint for fit_generator rockchip: make_fit_atf: add signature handling Kconfig | 18 +++++++++ Makefile | 11 +++++- arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++- doc/uImage.FIT/howto.txt | 13 +++++++ lib/rsa/Makefile | 2 +- tools/image-host.c | 2 +- 6 files changed, 93 insertions(+), 4 deletions(-)