List-Id: U-Boot discussion <u-boot.lists.denx.de>
From: heiko at sntech.de (Heiko Stuebner)
Date: Fri, 19 Jun 2020 12:45:44 +0200
Subject: [PATCH v4 0/6] rockchip: make it possible to sign the u-boot.itb
Message-ID: <20200619104550.1972307-1-heiko@sntech.de>
From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
This series makes it possible to sign a generated u-boot.itb automatically
even if the its-source got created by a generator script.
To let the SPL know about the key, the -K option for mkimage points
to the dts/dt-spl.dtb which can then get included into the spl binary.
Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain.
I've split out the the rsa/crypto fixes into a separate series
starting at [0].
Simon asked for fit_image_write_sig() to always return an errno code,
never an FDT code and suggested that this could be a follow-on patch.
So I've kept code that way and will provide a follow up series
to convert the return code handling.
[0] https://patchwork.ozlabs.org/project/uboot/patch/20200522141937.3523692-1-heiko at sntech.de/
changes in v4:
- add patch to fix the always defined U_BOOT_ITS in Makefile
- adapt Rockchip make_fit_atf to both python2+3 caused by the
different crypto-implementations
changes in v3:
- add patch to fix imx make_fit_atf.sh error handling
- split out rsa fixes into separate series
changes in v2.1:
- depend on $(CONFIG_SPL_FIT_SIGNATURE)$(U_BOOT_ITS)
instead of only $(CONFIG_SPL_FIT_GENERATOR)
changes in v2:
- add received reviews
- fix commit message typo
- add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT
Heiko Stuebner (6):
imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing
mkimage: fit_image: handle multiple errors when writing signatures
spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support
spl: fit: enable signing a generated u-boot.itb
spl: fit: add Kconfig option to specify key-hint for fit_generator
rockchip: make_fit_atf: add signature handling
Kconfig | 16 ++++++++
Makefile | 13 +++++-
arch/arm/mach-imx/mkimage_fit_atf.sh | 4 +-
arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++-
doc/uImage.FIT/howto.txt | 13 ++++++
tools/image-host.c | 2 +-
6 files changed, 100 insertions(+), 5 deletions(-)
From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com> This series makes it possible to sign a generated u-boot.itb automatically even if the its-source got created by a generator script. To let the SPL know about the key, the -K option for mkimage points to the dts/dt-spl.dtb which can then get included into the spl binary. Tested on Rockchip PX30 with a TPL -> SPL -> U-Boot.itb bootchain. I've split out the the rsa/crypto fixes into a separate series starting at [0]. Simon asked for fit_image_write_sig() to always return an errno code, never an FDT code and suggested that this could be a follow-on patch. So I've kept code that way and will provide a follow up series to convert the return code handling. [0] https://patchwork.ozlabs.org/project/uboot/patch/20200522141937.3523692-1-heiko at sntech.de/ changes in v4: - add patch to fix the always defined U_BOOT_ITS in Makefile - adapt Rockchip make_fit_atf to both python2+3 caused by the different crypto-implementations changes in v3: - add patch to fix imx make_fit_atf.sh error handling - split out rsa fixes into separate series changes in v2.1: - depend on $(CONFIG_SPL_FIT_SIGNATURE)$(U_BOOT_ITS) instead of only $(CONFIG_SPL_FIT_GENERATOR) changes in v2: - add received reviews - fix commit message typo - add doc snippet explaining CONFIG_SPL_FIT_GENERATOR_KEY_HINT Heiko Stuebner (6): imx: mkimage_fit_atf: Fix FIT image if BL31.bin missing mkimage: fit_image: handle multiple errors when writing signatures spl: fit: dont set U_BOOT_ITS var if not build SPL_FIT support spl: fit: enable signing a generated u-boot.itb spl: fit: add Kconfig option to specify key-hint for fit_generator rockchip: make_fit_atf: add signature handling Kconfig | 16 ++++++++ Makefile | 13 +++++- arch/arm/mach-imx/mkimage_fit_atf.sh | 4 +- arch/arm/mach-rockchip/make_fit_atf.py | 57 +++++++++++++++++++++++++- doc/uImage.FIT/howto.txt | 13 ++++++ tools/image-host.c | 2 +- 6 files changed, 100 insertions(+), 5 deletions(-)