mkimage: Add -c option to specify a comment for key signing

When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index f9c733a5e6212e5795dd3210294c5d4a28c226bc..b67a35178a0fec45521e27e8242216213df1f0a5 100644 (file)
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -96,6 +96,12 @@ Set XIP (execute in place) flag.
 .P
 .B Create FIT image:
 
+.TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
 .TP
 .BI "\-D [" "dtc options" "]"
 Provide special options to the device tree compiler that is used to

diff --git a/tools/fit_image.c b/tools/fit_image.c
index 645e93c346e15e4e2756bbd395adbb160fe1ed65..d48f571b0f961b8ef27e8f21c4b501a3501adfc8 100644 (file)
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -153,9 +153,9 @@ static int fit_handle_file (struct mkimage_params *params)
 
        /* set hashes for images in the blob */
        if (fit_add_verification_data(params->keydir, dest_blob, ptr,
-                                     NULL, 0)) {
+                                     params->comment, 0)) {
                fprintf (stderr, "%s Can't add hashes to FIT blob",
-                               params->cmdname);
+                        params->cmdname);
                goto err_add_hashes;
        }
 

diff --git a/tools/mkimage.c b/tools/mkimage.c
index e2b82d0c5c360af0b2fc9751db4f1ee85c46986e..b3b45a47a3f14e79c9f5213ad57e9d800ec19965 100644 (file)
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -183,6 +183,11 @@ main (int argc, char **argv)
                                        genimg_get_arch_id (*++argv)) < 0)
                                        usage ();
                                goto NXTARG;
+                       case 'c':
+                               if (--argc <= 0)
+                                       usage();
+                               params.comment = *++argv;
+                               goto NXTARG;
                        case 'C':
                                if ((--argc <= 0) ||
                                        (params.comp =
@@ -640,9 +645,10 @@ usage ()
        fprintf(stderr, "          -D => set options for device tree compiler\n"
                        "          -f => input filename for FIT source\n");
 #ifdef CONFIG_FIT_SIGNATURE
-       fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+       fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n"
                        "          -k => set directory containing private keys\n"
                        "          -K => write public keys to this .dtb file\n"
+                       "          -c => add comment in signature node\n"
                        "          -F => re-sign existing FIT image\n");
 #else
        fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");

diff --git a/tools/mkimage.h b/tools/mkimage.h
index 63b9b4f8bedeede86f8da9bcbc9e7e4d04bc6a16..ab8baf8f056fdde53fe107feb16d2127c4366a4b 100644 (file)
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -89,6 +89,7 @@ struct mkimage_params {
        char *cmdname;
        const char *keydir;     /* Directory holding private keys */
        const char *keydest;    /* Destination .dtb for public key */
+       const char *comment;    /* Comment to add to signature node */
 };
 
 /*