| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.
Summary:
-f auto => FIT with crc32 images
-f auto -g ... -o ... => FIT with signed images
-f auto-conf -g ... -o ... => FIT with sha1 images and signed confs
Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.
mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
-e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
-k /folder/with/key-files -g keyname -o sha256,rsa4096 \
-K u-boot.dtb -r kernel.itb
Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.
mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
-g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb
Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Despite the original description of these options, they are not always
image names, or even files. Some image types use these options to convey
configuration directly. Re-document these options as configuration options.
Additionally, add a new section documenting the format of the configuration
for each image type which uses it. In general, if configuration is used
directly (without a separate file) I have added documentation for it. If
the configuration points to a separate file, I have referenced that file's
documentation. Where there is no such documentation, I have added it.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The mkimage command has had many options added over the years.
Unfortunately, we are starting to run out of short options. Recent options
don't have any obvious relation to their meaning (e.g. -o/-g). Fortunately,
long options exist. Add long options for each current short option.
For the curious, the remaining short options are HIkLmMPQSuUwWXyYzZ.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Per man-pages(7), "use of an AUTHORS section is strongly discouraged."
Remove it, and instead add some copyright notices and an SPDX. The default
license for U-Boot is GPL2, so that's what I put. The copyright dates are
based on the commit dates.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This adds a SEE ALSO section to link to similar man pages, as well as to
the U-Boot documentation.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
In leiu of a non-standard HOMEPAGE section, add a BUGS section with a link
to the issue tracker.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This makes a variety of changes for the options to make them
typographically consistent, clarify their meaning, and fix grammatical (or
other) errors. Many of the changes here are stylistic, though there are a
few fixes. The main changes I made across the board were:
- All options are bolded and parameters italicised
- All single quotes are properly matched (instead of using apostrophes)
- Minor background info has been added to clarify many underdocumented
options
- Default values for options are documented
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The description in NAME should not be capitalized. Fix a grammatical error
as well.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This moves some options which work in any mode to the general options
section. -p is moved to after -E/-B since those options are related. This
also adds documentation for -h and -V.
The -F, -l, and -G options are documented twice. Remove the second
documentation in each case. The synopsis for -l also suggests an implied
second uimage-file-name parameter. E.g.
mkimage [-l uimage-file-name] uimage-file-name
This is misleading, so remove it. Wrap a few lines to 80 characters as
well.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The options are divided up into several subsections. Use the appropriate
macro. While we're at it, rename the headings to better reflect the
contents of their sections.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Square brackets are commonly used to denote optional parts of a command.
However, all option arguments are mandatory. Remove these brackets. This
also removes some unnecessary quotation marks, and uses hyphens to connect
words in option arguments. This is intended to just clean up the
formatting, leaving content corrections to later patches.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This puts each example in a new paragraph and uses a hanging indent for
continued lines to increase clarity. We use tabs instead of .in or .RS for
the indent because it renders properly in both man and mandoc (which is
what many common HTML man pages use). The only nit is that the tab stops in
man default to something like 2", so reduce that to 1". We also escape
every "minus" as recommended by man-pages(7).
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Blank lines do not have well-defined semantics in fill mode (the default).
Instead, use empty requests (.) where vertical space is necessary for
readability. There are a few places where we use a paragraph instead.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The synopsis section is a bit messy. As an example, "uimage file name" is
printed in italics, bold, and roman (depending on the line). This cleans
things up and converts the synopsis section to use standard style. The
.SY/.YS macros set up appropriate formatting for command synopsis sections
(such as disabling hyphenation and setting a hanging indent). All parts of
the synopsis now use the following style:
- Bold for parts of the command which should be typed in by the user (such
as the program name and flags)
- Italic for parts which should be replaced (such as uimage-file-name)
- Roman for parts which should not be typed at all (such as brackets)
Multi-word variables now use hyphens to connect their words instead of
spaces. This makes it clearer that all the words are part of the same
variable. Additionally, "option ..." is used to denote where other options
may be specified, as this appears to be standard style.
In addition to the above style changes, this also makes some changes to
content. The use of the term "legacy" has been removed, since this simply
refers to any non-FIT image type. Additionally, wording like "uimage file
name" has been replaced with "image-file-name" to better reflect that
images may or may not be uImages. Lastly, the "auto" value for -f is
documented in the synopsis.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This adds support for signing images in auto-generated FITs. To do this,
we need to add a signature node. The algorithm name property already has
its own option, but we need one for the key name hint. We could have
gone the -G route and added an explicit name for the public key (like
what is done for the private key). However, many places assume the
public key can be constructed from the key dir and hint, and I don't
want to do the refactoring necessary.
As a consequence of this, it is now easier to add public keys to an
existing image without signing something. This could be done all along,
but now you don't have to create an its just to do it. Ideally, we
wouldn't create a FIT at the end. This could be done by calling
fit_image_setup_sig/info.crypto->add_verify_data directly.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
|
|
Document -G and the secondary image types which can be used with -R.
Also reword the documentation of -s for clarity.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
|
|
Over the years, several options have not made it into the help message.
Document them. Do the same for the man page.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
|
|
Currently -l option for mkimage and dumpimage ignores option -T and always
tries to autodetect image type.
With this change it is possible to tell mkimage and dumpimage to parse
image file as specific type (and not random autodetected type). This allows
to use mkimage -l or dumpimage -l as tool for validating image.
params.type for -l option is now by default initialized to zero
(IH_TYPE_INVALID) instead of IH_TYPE_KERNEL. imagetool_get_type() for
IH_TYPE_INVALID returns NULL, which is assigned to tparams. mkimage and
dumpimage code is extended to handle tparams with NULL for -l option. And
imagetool_verify_print_header() is extended to do validation via tparams if
is not NULL.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Addresses the feedback provided on 5902a397d029 ("mkimage: Allow to
specify the signature algorithm on the command line") which raced with
the merge.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.
When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
|
|
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
This reverts commit 5d3a21df6694ebd66d5c34c9d62a26edc7456fc7, reversing
changes made to 56d37f1c564107e27d873181d838571b7d7860e7.
Unfortunately this is causing CI failures:
https://travis-ci.org/github/trini/u-boot/jobs/711313649
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).
This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.
Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.
It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
|
|
The getopt(3) optstring '-' is a GNU extension which is not available on BSD
systems like OS X.
Remove this dependency by implementing argument parsing in another way. This
will also change the lately introduced '-b' switch behaviour.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.
In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.
This allows SPL to load the entire FIT, without the images, then load the
images it wants later.
Add a -E option to mkimage to request that it output an 'external' FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.
So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.
Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.
Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.
To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This will be used in mkimage when working out the required size of the FIT
based on the files to be placed into it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
* Escape use of - in description of -F.
* Fix line continuations in examples so that the continued lines are
also bold.
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
|
|
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
|
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
|
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
|
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
|
|
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.
Also update the mkimage man page with this information and a clearer list
of available commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
|
|
Signed-off-by: Horst Kronstorfer <hkronsto@frequentis.com>
|
|
Signed-off-by: Horst Kronstorfer <hkronsto@frequentis.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
|
|
By default, "-" chars are interpreted as hyphens (U+2010) by groff, not
as minus signs (U+002D). Since options to programs use minus signs
(U+002D), this means for example in UTF-8 locales that you cannot cut
and paste options, nor search for them easily.
(Reported by lintian.)
Signed-off-by: Loïc Minier <loic.minier@linaro.org>
|
|
Some Linux distributions include the "mkimage" as a package.
This commit provides a manual page for mkimage.
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Added documentation for FIT images and examples.
Moved to doc/ directory.
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
