diff options
author | Simon Glass <sjg@chromium.org> | 2013-06-13 15:10:05 -0700 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2013-06-26 10:18:56 -0400 |
commit | 95d77b4479f9d07aea114fd4253cd665bb48ea10 (patch) | |
tree | 4aa9f969fc0f104956fb29a6f5993d3026e39843 /tools | |
parent | e29495d37f7c0533d365004ca475218250351c93 (diff) | |
download | u-boot-95d77b4479f9d07aea114fd4253cd665bb48ea10.tar.gz |
mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/fit_image.c | 18 | ||||
-rw-r--r-- | tools/mkimage.c | 9 |
2 files changed, 18 insertions, 9 deletions
diff --git a/tools/fit_image.c b/tools/fit_image.c index b17fa2d6c0..645e93c346 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -124,10 +124,16 @@ static int fit_handle_file (struct mkimage_params *params) } sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX); - /* dtc -I dts -O dtb -p 500 datafile > tmpfile */ - sprintf (cmd, "%s %s %s > %s", - MKIMAGE_DTC, params->dtc, params->datafile, tmpfile); - debug ("Trying to execute \"%s\"\n", cmd); + /* We either compile the source file, or use the existing FIT image */ + if (params->datafile) { + /* dtc -I dts -O dtb -p 500 datafile > tmpfile */ + snprintf(cmd, sizeof(cmd), "%s %s %s > %s", + MKIMAGE_DTC, params->dtc, params->datafile, tmpfile); + debug("Trying to execute \"%s\"\n", cmd); + } else { + snprintf(cmd, sizeof(cmd), "cp %s %s", + params->imagefile, tmpfile); + } if (system (cmd) == -1) { fprintf (stderr, "%s: system(%s) failed: %s\n", params->cmdname, cmd, strerror(errno)); @@ -153,8 +159,8 @@ static int fit_handle_file (struct mkimage_params *params) goto err_add_hashes; } - /* add a timestamp at offset 0 i.e., root */ - if (fit_set_timestamp (ptr, 0, sbuf.st_mtime)) { + /* for first image creation, add a timestamp at offset 0 i.e., root */ + if (params->datafile && fit_set_timestamp(ptr, 0, sbuf.st_mtime)) { fprintf (stderr, "%s: Can't add image timestamp\n", params->cmdname); goto err_add_timestamp; diff --git a/tools/mkimage.c b/tools/mkimage.c index 376039228a..e2b82d0c5c 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -240,12 +240,14 @@ main (int argc, char **argv) case 'f': if (--argc <= 0) usage (); + params.datafile = *++argv; + /* no break */ + case 'F': /* * The flattened image tree (FIT) format * requires a flattened device tree image type */ params.type = IH_TYPE_FLATDT; - params.datafile = *++argv; params.fflag = 1; goto NXTARG; case 'k': @@ -633,14 +635,15 @@ usage () " -d ==> use image data from 'datafile'\n" " -x ==> set XIP (execute in place)\n", params.cmdname); - fprintf(stderr, " %s [-D dtc_options] -f fit-image.its fit-image\n", + fprintf(stderr, " %s [-D dtc_options] [-f fit-image.its|-F] fit-image\n", params.cmdname); fprintf(stderr, " -D => set options for device tree compiler\n" " -f => input filename for FIT source\n"); #ifdef CONFIG_FIT_SIGNATURE fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n" " -k => set directory containing private keys\n" - " -K => write public keys to this .dtb file\n"); + " -K => write public keys to this .dtb file\n" + " -F => re-sign existing FIT image\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); #endif |