From patchwork Fri Jun 19 10:45:44 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Heiko_St=C3=BCbner?= <heiko@sntech.de>
X-Patchwork-Id: 242661
List-Id: U-Boot discussion <u-boot.lists.denx.de>
From: heiko at sntech.de (Heiko Stuebner)
Date: Fri, 19 Jun 2020 12:45:44 +0200
Subject: [PATCH v4 0/6] rockchip: make it possible to sign the u-boot.itb
Message-ID: <20200619104550.1972307-1-heiko@sntech.de>

From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>

This series makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.

To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.

Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.

I've split out the the rsa/crypto fixes into a separate series
starting at [0].

Simon asked for fit_image_write_sig() to always return an errno code,
never an FDT code and suggested that this could be a follow-on patch.
So I've kept code that way and will provide a follow up series
to convert the return code handling.


[0] https://patchwork.ozlabs.org/project/uboot/patch/20200522141937.3523692-1-heiko at sntech.de/


changes in v4:
- add patch to fix the always defined U_BOOT_ITS in Makefile
- adapt Rockchip make_fit_atf to both python2+3 caused by the
  different crypto-implementations
changes in v3:
- add patch to fix imx make_fit_atf.sh error handling
- split out rsa fixes into separate series
changes in v2.1:
- depend on $(CONFIG_SPL_FIT_SIGNATURE)$(U_BOOT_ITS)
  instead of only $(CONFIG_SPL_FIT_GENERATOR)
changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT


Heiko Stuebner (6):
  imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing
  mkimage: fit_image: handle multiple errors when writing signatures
  spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support
  spl: fit: enable signing a generated u-boot.itb
  spl: fit: add Kconfig option to specify key-hint for fit_generator
  rockchip: make_fit_atf: add signature handling

 Kconfig                                | 16 ++++++++
 Makefile                               | 13 +++++-
 arch/arm/mach-imx/mkimage_fit_atf.sh   |  4 +-
 arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++-
 doc/uImage.FIT/howto.txt               | 13 ++++++
 tools/image-host.c                     |  2 +-
 6 files changed, 100 insertions(+), 5 deletions(-)