diff options
Diffstat (limited to 'tools')
-rw-r--r-- | tools/fit_image.c | 9 | ||||
-rw-r--r-- | tools/mkimage.c | 8 | ||||
-rw-r--r-- | tools/mkimage.h | 1 |
3 files changed, 12 insertions, 6 deletions
diff --git a/tools/fit_image.c b/tools/fit_image.c index d48f571b0f..281c2bda13 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -152,10 +152,11 @@ static int fit_handle_file (struct mkimage_params *params) goto err_mmap; /* set hashes for images in the blob */ - if (fit_add_verification_data(params->keydir, dest_blob, ptr, - params->comment, 0)) { - fprintf (stderr, "%s Can't add hashes to FIT blob", - params->cmdname); + if (fit_add_verification_data(params->keydir, + dest_blob, ptr, params->comment, + params->require_keys)) { + fprintf(stderr, "%s Can't add hashes to FIT blob\n", + params->cmdname); goto err_add_hashes; } diff --git a/tools/mkimage.c b/tools/mkimage.c index b3b45a47a3..d312844e9c 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -270,6 +270,9 @@ main (int argc, char **argv) usage (); params.imagename = *++argv; goto NXTARG; + case 'r': + params.require_keys = 1; + break; case 'R': if (--argc <= 0) usage(); @@ -645,11 +648,12 @@ usage () fprintf(stderr, " -D => set options for device tree compiler\n" " -f => input filename for FIT source\n"); #ifdef CONFIG_FIT_SIGNATURE - fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>]\n" + fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-r]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" " -c => add comment in signature node\n" - " -F => re-sign existing FIT image\n"); + " -F => re-sign existing FIT image\n" + " -r => mark keys used as 'required' in dtb\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); #endif diff --git a/tools/mkimage.h b/tools/mkimage.h index ab8baf8f05..1d9984e1a3 100644 --- a/tools/mkimage.h +++ b/tools/mkimage.h @@ -90,6 +90,7 @@ struct mkimage_params { const char *keydir; /* Directory holding private keys */ const char *keydest; /* Destination .dtb for public key */ const char *comment; /* Comment to add to signature node */ + int require_keys; /* 1 to mark signing keys as 'required' */ }; /* |