diff options
Diffstat (limited to 'futility/cmd_sign.c')
-rw-r--r-- | futility/cmd_sign.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c index 8599c74c..7a53887f 100644 --- a/futility/cmd_sign.c +++ b/futility/cmd_sign.c @@ -495,12 +495,16 @@ static void print_help_rwsig(int argc, char *argv[]) "If INFILE contains an FMAP, RW and signatures offsets are read from\n" "FMAP. These regions must be named EC_RW and SIG_RW respectively.\n" "If a public key is found in the region named KEY_RO, it will be replaced\n" - "in the RO image.\n" + "in the RO image. This mode also produces EC_RW.bin which is a EC_RW\n" + "region image (same as the input file for 'Data + Signature mode').\n" "\n" "Options:\n" "\n" - " --prikey FILE.vbprik2 Private key in vb2 format (required)\n" - " --version NUM Public key version if we are replacing" + " --prikey FILE.vbprik2 Private key in vb2 format. Required\n" + " if INFILE is a binary blob. If not\n" + " provided, previous signature is copied\n" + " and a public key won't be replaced.\n" + " --version NUM Public key version if we are replacing\n" " the key in INFILE (default: 1)\n" " --sig_size NUM Offset from the end of INFILE where the\n" " signature blob should be located, if\n" @@ -972,7 +976,9 @@ static int do_sign(int argc, char *argv[]) "hash_alg"); break; case FILE_TYPE_RWSIG: - errorcnt += no_opt_if(!sign_option.prikey, "prikey"); + if (sign_option.inout_file_count > 1) + /* Signing raw data. No signature pre-exists. */ + errorcnt += no_opt_if(!sign_option.prikey, "prikey"); break; default: /* Anything else we don't care */ |