| Message ID | 20240805133520.1745316-2-paul.henrys_ext@softathome.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Simon Glass |
| Headers | show |
| Series | [v2,1/3] aes: Allow to store randomly generated IV in the FIT | expand |
Hi Paul, On Mon, 5 Aug 2024 at 07:35, Paul HENRYS <paul.henrys_ext@softathome.com> wrote: > > The property 'fit,keys-directory' can be added to the configuration file > passed to binman to specify a directory where keys are stored and can be > used by mkimage to sign and cipher data. Environmental things like directories are best handled by binman itself, e.g. with the --indir argument. In this case it seems that you want a specific directory, rather than finding the keys in one of many possible directories. So I suggest adding a new entryarg for the FIT which lets you specify this key dir. > > Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> > --- > tools/binman/btool/mkimage.py | 5 ++++- > tools/binman/entries.rst | 3 +++ > tools/binman/etype/fit.py | 6 ++++++ > 3 files changed, 13 insertions(+), 1 deletion(-) BTW when you change the fit docs you need to use 'binman entry-docs' to regenerate the entries.rts file, in the same patch. > > diff --git a/tools/binman/btool/mkimage.py b/tools/binman/btool/mkimage.py > index 39a4c8c1432..dbcf8daac30 100644 > --- a/tools/binman/btool/mkimage.py > +++ b/tools/binman/btool/mkimage.py > @@ -22,7 +22,7 @@ class Bintoolmkimage(bintool.Bintool): > > # pylint: disable=R0913 > def run(self, reset_timestamp=False, output_fname=None, external=False, > - pad=None, align=None): > + pad=None, align=None, keys_dir=None): > """Run mkimage > > Args: > @@ -34,6 +34,7 @@ class Bintoolmkimage(bintool.Bintool): > other things to be easily added later, if required, such as > signatures > align: Bytes to use for alignment of the FIT and its external data > + keys_dir: directory where keys are stored > version: True to get the mkimage version > """ > args = [] > @@ -45,6 +46,8 @@ class Bintoolmkimage(bintool.Bintool): > args += ['-B', f'{align:x}'] > if reset_timestamp: > args.append('-t') > + if keys_dir: > + args += ['-k', keys_dir] > if output_fname: > args += ['-F', output_fname] > return self.run_cmd(*args) > diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst > index 12482703782..eb33eb9eedf 100644 > --- a/tools/binman/entries.rst > +++ b/tools/binman/entries.rst > @@ -864,6 +864,9 @@ The top-level 'fit' node supports the following special properties: > > fit,fdt-list-dir = "arch/arm/dts > > + fit,keys-directory > + Provides a directory where keys can be retrieved. > + > Substitutions > ~~~~~~~~~~~~~ > > diff --git a/tools/binman/etype/fit.py b/tools/binman/etype/fit.py > index ee44e5a1cd6..d20906aab3b 100644 > --- a/tools/binman/etype/fit.py > +++ b/tools/binman/etype/fit.py > @@ -96,6 +96,9 @@ class Entry_fit(Entry_section): > > fit,fdt-list-dir = "arch/arm/dts > > + fit,keys-directory > + Provides a directory where keys can be retrieved. > + > Substitutions > ~~~~~~~~~~~~~ > > @@ -518,6 +521,9 @@ class Entry_fit(Entry_section): > align = self._fit_props.get('fit,align') > if align is not None: > args.update({'align': fdt_util.fdt32_to_cpu(align.value)}) > + keys_dir = self._fit_props.get('fit,keys-directory') > + if keys_dir is not None: > + args.update({'keys_dir': keys_dir.value}) > if self.mkimage.run(reset_timestamp=True, output_fname=output_fname, > **args) is None: > if not self.GetAllowMissing(): > -- > 2.25.1 > > -- This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome’s ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. Regards, Simon
diff --git a/tools/binman/btool/mkimage.py b/tools/binman/btool/mkimage.py index 39a4c8c1432..dbcf8daac30 100644 --- a/tools/binman/btool/mkimage.py +++ b/tools/binman/btool/mkimage.py @@ -22,7 +22,7 @@ class Bintoolmkimage(bintool.Bintool): # pylint: disable=R0913 def run(self, reset_timestamp=False, output_fname=None, external=False, - pad=None, align=None): + pad=None, align=None, keys_dir=None): """Run mkimage Args: @@ -34,6 +34,7 @@ class Bintoolmkimage(bintool.Bintool): other things to be easily added later, if required, such as signatures align: Bytes to use for alignment of the FIT and its external data + keys_dir: directory where keys are stored version: True to get the mkimage version """ args = [] @@ -45,6 +46,8 @@ class Bintoolmkimage(bintool.Bintool): args += ['-B', f'{align:x}'] if reset_timestamp: args.append('-t') + if keys_dir: + args += ['-k', keys_dir] if output_fname: args += ['-F', output_fname] return self.run_cmd(*args) diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 12482703782..eb33eb9eedf 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -864,6 +864,9 @@ The top-level 'fit' node supports the following special properties: fit,fdt-list-dir = "arch/arm/dts + fit,keys-directory + Provides a directory where keys can be retrieved. + Substitutions ~~~~~~~~~~~~~ diff --git a/tools/binman/etype/fit.py b/tools/binman/etype/fit.py index ee44e5a1cd6..d20906aab3b 100644 --- a/tools/binman/etype/fit.py +++ b/tools/binman/etype/fit.py @@ -96,6 +96,9 @@ class Entry_fit(Entry_section): fit,fdt-list-dir = "arch/arm/dts + fit,keys-directory + Provides a directory where keys can be retrieved. + Substitutions ~~~~~~~~~~~~~ @@ -518,6 +521,9 @@ class Entry_fit(Entry_section): align = self._fit_props.get('fit,align') if align is not None: args.update({'align': fdt_util.fdt32_to_cpu(align.value)}) + keys_dir = self._fit_props.get('fit,keys-directory') + if keys_dir is not None: + args.update({'keys_dir': keys_dir.value}) if self.mkimage.run(reset_timestamp=True, output_fname=output_fname, **args) is None: if not self.GetAllowMissing():
The property 'fit,keys-directory' can be added to the configuration file passed to binman to specify a directory where keys are stored and can be used by mkimage to sign and cipher data. Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> --- tools/binman/btool/mkimage.py | 5 ++++- tools/binman/entries.rst | 3 +++ tools/binman/etype/fit.py | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-)