From mboxrd@z Thu Jan  1 00:00:00 1970
From: Simon Glass <sjg@chromium.org>
Date: Sun, 7 Feb 2021 07:37:28 -0700
Subject: [PATCH 2/4] mkimage: Add a 'keyfile' argument for image signing
In-Reply-To: <20210204195705.2057081-3-mr.nuke.me@gmail.com>
References: <20210204195705.2057081-1-mr.nuke.me@gmail.com>
 <20210204195705.2057081-3-mr.nuke.me@gmail.com>
Message-ID: <CAPnjgZ0m=7j+PjH8=3DeAi57h6MHUi=ZtWES-57naH+aNDHHcQ@mail.gmail.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hi Alexandru,

On Thu, 4 Feb 2021 at 12:57, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>
> It's not always desirable to use 'keydir' and some ad-hoc heuristics
> to get the filename of the signing key. More often, just passing the
> filename is the simpler, easier, and logical thing to do.
>
> Since mkimage doesn't use long options, we're slowly running out of
> letters. I've chosen '-G' because it was available.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> ---
>  include/image.h    |  8 ++++---
>  tools/fit_image.c  |  3 ++-
>  tools/image-host.c | 58 +++++++++++++++++++++++++---------------------
>  tools/imagetool.h  |  1 +
>  tools/mkimage.c    |  6 ++++-
>  5 files changed, 45 insertions(+), 31 deletions(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

See below.

> diff --git a/include/image.h b/include/image.h
> index 2447321023..9bc8b8d179 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1128,9 +1128,10 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
>   *     0, on success
>   *     libfdt error code, on failure
>   */
> -int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
> -                             const char *comment, int require_keys,
> -                             const char *engine_id, const char *cmdname);
> +int fit_add_verification_data(const char *keydir, const char *keyfile,
> +                             void *keydest, void *fit, const char *comment,
> +                             int require_keys, const char *engine_id,
> +                             const char *cmdname);
>
>  int fit_image_verify_with_data(const void *fit, int image_noffset,
>                                const void *data, size_t size);
> @@ -1236,6 +1237,7 @@ void image_set_host_blob(void *host_blob);
>  struct image_sign_info {
>         const char *keydir;             /* Directory conaining keys */
>         const char *keyname;            /* Name of key to use */
> +       const char *keyfile;            /* Filename of private or public key */

Please also document the semantics of this...can it be NULL? I think
you intend that either keydir or keyfile is used but not both, right?

Regards,
Simon