From: Ivan Mikhaylov <fr0st61te@gmail.com>
To: Simon Glass <sjg@chromium.org>, Jan Kiszka <jan.kiszka@siemens.com>
Cc: u-boot@lists.denx.de, Ivan Mikhaylov <fr0st61te@gmail.com>,
	Ivan Mikhaylov <ivan.mikhaylov@siemens.com>
Subject: [PATCH 1/1] binman: add sign option for binman
Date: Fri, 24 Dec 2021 21:23:34 +0000
Message-ID: <20211224212334.7146-2-fr0st61te@gmail.com>
In-Reply-To: <20211224212334.7146-1-fr0st61te@gmail.com>

Introduce a prototype for binman's new option, which signs and
replaces sections in binary images.

Usage as example:

from:
mkimage -G privatekey -r -o sha256,rsa4096 -F fit@0x280000.fit
binman replace -i flash.bin -f fit@0x280000.fit fit@0x280000

to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit@0x280000.fit fit@0x280000

Signed-off-by: Ivan Mikhaylov <ivan.mikhaylov@siemens.com>
---
 tools/binman/cmdline.py | 13 +++++++++++++
 tools/binman/control.py | 27 ++++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/tools/binman/cmdline.py b/tools/binman/cmdline.py
index e73ff78095..c3cfd17d1c 100644
--- a/tools/binman/cmdline.py
+++ b/tools/binman/cmdline.py
@@ -113,6 +113,19 @@ controlled by a description in the board device tree.'''
     replace_parser.add_argument('paths', type=str, nargs='*',
                                 help='Paths within file to replace (wildcard)')
 
+    sign_parser = subparsers.add_parser('sign',
+                                           help='Sign entries in image')
+    sign_parser.add_argument('-i', '--image', type=str, required=True,
+                                help='Image filename to update')
+    sign_parser.add_argument('-k', '--key', type=str, required=True,
+                                help='Private key file for sign')
+    sign_parser.add_argument('-a', '--algo', type=str, required=True,
+                                help='Hash algorithm')
+    sign_parser.add_argument('-f', '--file', type=str, required=True,
+                                help='Input filename to sign')
+    sign_parser.add_argument('paths', type=str, nargs='*',
+                                help='Paths within file to sign (wildcard)')
+
     test_parser = subparsers.add_parser('test', help='Run tests')
     test_parser.add_argument('-P', '--processes', type=int,
         help='set number of processes to use for running tests')
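
Review bot: the help text for -a/--algo says 'Hash algorithm', but the commit message passes sha256,rsa4096 and control.py hands the value to mkimage -o, so the option carries the hash and the signature algorithm together. Please say that in the help, for example 'Hash and signature algorithm, e.g. sha256,rsa4096'. The help for -f/--file should also mention that the file is re-signed in place by mkimage -F. The continuation lines of the sign_parser calls are indented past the opening parenthesis, unlike the replace_parser lines just above.
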
diff --git a/tools/binman/control.py b/tools/binman/control.py
index 7da69ba38d..ec0e55f7c3 100644
--- a/tools/binman/control.py
+++ b/tools/binman/control.py
@@ -18,6 +18,7 @@ from binman import cbfs_util
 from binman import elf
 from patman import command
 from patman import tout
+from patman import tools
 
 # List of images we plan to create
 # Make this global so that it can be referenced from tests
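
Review bot: check that this import is not a duplicate. Binman() already calls tools.PrepareOutputDir(None) in unchanged context further down, so patman.tools is already being imported somewhere in this file. If that is a module-level import, drop this line; if it is local to Binman(), remove the local one instead.
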
@@ -401,6 +402,26 @@ def ReplaceEntries(image_fname, input_fname, indir, entry_paths,
     AfterReplace(image, allow_resize=allow_resize, write_map=write_map)
     return image
 
+def MkimageSign(privatekey_fname, algo, input_fname):
+    tools.Run('mkimage', '-G', privatekey_fname, '-r', '-o', algo, '-F', input_fname)
+
+def SignEntries(image_fname, input_fname, privatekey_fname, algo, entry_paths):
+    """Sign and replace the data from one or more entries from input files
+
+    Args:
+        image_fname: Image filename to process
+        input_fname: Single input filename to use if replacing one file, None
+            otherwise
+        algo: Hashing algorithm
+        privatekey_fname: Private key filename
+
+    Returns:
+        List of EntryInfo records that were signed and replaced
+    """
+
+    MkimageSign(privatekey_fname, algo, input_fname)
+
+    return ReplaceEntries(image_fname, input_fname, None, entry_paths)
 
 def PrepareImagesAndDtbs(dtb_fname, select_images, update_fdt, use_expanded):
     """Prepare the images to be processed and select the device tree
@@ -575,7 +596,7 @@ def Binman(args):
     from binman.image import Image
     from binman import state
 
-    if args.cmd in ['ls', 'extract', 'replace']:
+    if args.cmd in ['ls', 'extract', 'replace', 'sign']:
         try:
             tout.Init(args.verbosity)
             tools.PrepareOutputDir(None)
@@ -590,6 +611,10 @@ def Binman(args):
                 ReplaceEntries(args.image, args.filename, args.indir, args.paths,
                                do_compress=not args.compressed,
                                allow_resize=not args.fix_size, write_map=args.map)
+
+            if args.cmd == 'sign':
+                SignEntries(args.image, args.file, args.key, args.algo, args.paths)
+
         except:
             raise
         finally:
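
Review bot: the new sign branch in Binman() has no test or documentation behind it; the diffstat touches only cmdline.py and control.py. Please add a test that signs an entry and checks the replaced contents in the image, and describe the subcommand in the binman documentation. Since only one command can match, this should be an elif if the preceding command checks are chained that way.
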
-- 
2.31.1

