summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorAlexandru Gagniuc <mr.nuke.me@gmail.com>2021-02-19 12:45:16 -0600
committerTom Rini <trini@konsulko.com>2021-04-14 15:23:01 -0400
commitfb6532ec6c0c247dc204f65cb298d0865f7eaf3b (patch)
tree1633e6aa1c3d35f5da2b3df936166f54d5990a93 /doc
parentf91de329abb6f3a247758354bccb172070ccc4ac (diff)
downloadu-boot-fb6532ec6c0c247dc204f65cb298d0865f7eaf3b.tar.gz
u-boot-fb6532ec6c0c247dc204f65cb298d0865f7eaf3b.tar.bz2
u-boot-fb6532ec6c0c247dc204f65cb298d0865f7eaf3b.zip
doc: signature.txt: Document the keydir and keyfile arguments
After lots of debating, this documents how we'd like mkimage to treat 'keydir' and 'keyfile' arguments. The rest is in the docs. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/uImage.FIT/signature.txt13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 0139295d33..d9a9121190 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -472,6 +472,19 @@ Test Verified Boot Run: signed config with bad hash: OK
Test passed
+Software signing: keydir vs keyfile
+-----------------------------------
+
+In the simplest case, signing is done by giving mkimage the 'keyfile'. This is
+the path to a file containing the signing key.
+
+The alternative is to pass the 'keydir' argument. In this case the filename of
+the key is derived from the 'keydir' and the "key-name-hint" property in the
+FIT. In this case the "key-name-hint" property is mandatory, and the key must
+exist in "<keydir>/<key-name-hint>.<ext>" Here the extension "ext" is
+specific to the signing algorithm.
+
+
Hardware Signing with PKCS#11 or with HSM
-----------------------------------------