brain-hackers_pepepper-mirror
/
u-boot-brain
mirror of https://github.com/brain-hackers/u-boot-brain
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

doc: signature.txt: Document the keydir and keyfile arguments 

After lots of debating, this documents how we'd like mkimage to treat
'keydir' and 'keyfile' arguments. The rest is in the docs.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Alexandru Gagniuc 2021-02-19 12:45:16 -06:00 committed by Tom Rini
parent f91de329ab
commit fb6532ec6c
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
doc/uImage.FIT/signature.txt
View File

@ -472,6 +472,19 @@ Test Verified Boot Run: signed config with bad hash: OK
Test passed
Software signing: keydir vs keyfile
-----------------------------------
In the simplest case, signing is done by giving mkimage the 'keyfile'. This is
the path to a file containing the signing key.
The alternative is to pass the 'keydir' argument. In this case the filename of
the key is derived from the 'keydir' and the "key-name-hint" property in the
FIT. In this case the "key-name-hint" property is mandatory, and the key must
exist in "<keydir>/<key-name-hint>.<ext>" Here the extension "ext" is
specific to the signing algorithm.
Hardware Signing with PKCS#11 or with HSM
-----------------------------------------