From 62b27a561c2868d95445905ad554297e43cc0f2b Mon Sep 17 00:00:00 2001
From: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Fri, 23 Jul 2021 22:17:50 +0200
Subject: mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for
 OpenSSL Engine

This patch adds the possibility to pass the PIN the OpenSSL Engine
used during signing via the environment variable MKIMAGE_SIGN_PIN.
This follows the approach used during kernel module
signing ("KBUILD_SIGN_PIN") or UBIFS image
signing ("MKIMAGE_SIGN_PIN").

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
---
 doc/uImage.FIT/signature.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 7cb1c15e5e..61a72db3c7 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -533,8 +533,8 @@ Generic engine key ids:
 or
   "<key-name-hint>"
 
-As mkimage does not at this time support prompting for passwords HSM may need
-key preloading wrapper to be used when invoking mkimage.
+In order to set the pin in the HSM, an environment variable "MKIMAGE_SIGN_PIN"
+can be specified.
 
 The following examples use the Nitrokey Pro using pkcs11 engine. Instructions
 for other devices may vary.
-- 
cgit v1.2.3