mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc. without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
George McCollister
2017-01-06 13:14:17 -06:00
committed by Tom Rini
parent b1c6a54a53
commit f1ca1fdebf
7 changed files with 408 additions and 28 deletions

@ -59,7 +59,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
if (!ret) {
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
params->comment,
params->require_keys);
params->require_keys,
params->engine_id);
}
if (dest_blob) {
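Review bot: params->engine_id is passed unconditionally as the new last argument of fit_add_verification_data(), and nothing in this hunk shows what value it holds when the user did not request an engine. Please state in the function's header comment that a NULL engine_id means "load the key from files under keydir as before", and make sure the callee checks for NULL before it builds any engine key_id string, so existing file-based signing keeps working unchanged. Since this changes the function's signature, every other caller and the prototype need to be updated in the same commit so the tree still builds at this revision.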