should contain a private key file <name>.key for use with signing and a
certificate <name>.crt (containing the public key) for use with verification.
+.TP
+.BI "\-K [" "key_destination" "]"
+Specifies a compiled device tree binary file (typically .dtb) to write
+public key information into. When a private key is used to sign an image,
+the corresponding public key is written into this file for for run-time
+verification. Typically the file here is the device tree binary used by
+CONFIG_OF_CONTROL in U-Boot.
+
.SH EXAMPLES
List image information:
.nf
.B mkimage -f kernel.its kernel.itb
.fi
+.P
+Create FIT image with compressed kernel and sign it with keys in the
+/public/signing-keys directory. Add corresponding public keys into u-boot.dtb,
+skipping those for which keys cannot be found. Also add a comment.
+.nf
+.B mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \\\\
+-c "Kernel 3.8 image for production devices" kernel.itb
+.fi
.SH HOMEPAGE
http://www.denx.de/wiki/U-Boot/WebHome
{
char tmpfile[MKIMAGE_MAX_TMPFILE_LEN];
char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN];
- int tfd;
+ int tfd, destfd = 0;
+ void *dest_blob = NULL;
struct stat sbuf;
void *ptr;
+ off_t destfd_size = 0;
/* Flattened Image Tree (FIT) format handling */
debug ("FIT format handling\n");
goto err_system;
}
+ if (params->keydest) {
+ destfd = mmap_fdt(params, params->keydest, &dest_blob, &sbuf);
+ if (destfd < 0)
+ goto err_keydest;
+ destfd_size = sbuf.st_size;
+ }
+
tfd = mmap_fdt(params, tmpfile, &ptr, &sbuf);
if (tfd < 0)
goto err_mmap;
/* set hashes for images in the blob */
- if (fit_add_verification_data(params->keydir, NULL, ptr, NULL, 0)) {
+ if (fit_add_verification_data(params->keydir, dest_blob, ptr,
+ NULL, 0)) {
fprintf (stderr, "%s Can't add hashes to FIT blob",
params->cmdname);
goto err_add_hashes;
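Review bot: The key destination is mapped and passed to fit_add_verification_data() as `dest_blob` before the image is finalised, so a failure in that call or in any later step of this function can leave the -K file already changed while no image was produced. mmap_fdt() is not shown, so the in-place update is inferred from the absence of any write-back step. Because this .dtb becomes the trust anchor for run-time verification, I would stage the update in a copy that is renamed over the original only on success, or at least state the behaviour above the block: `/* keydest is updated in place; an error below may leave it modified */`. The message on the failure branch also lacks a trailing newline and mentions only hashes, although the call can now fail on the key write as well. The enclosing function starts and ends outside this hunk.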
munmap ((void *)ptr, sbuf.st_size);
close (tfd);
+ if (dest_blob) {
+ munmap(dest_blob, destfd_size);
+ close(destfd);
+ }
if (rename (tmpfile, params->imagefile) == -1) {
fprintf (stderr, "%s: Can't rename %s to %s: %s\n",
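Review bot: The write of the public keys is never confirmed on the success path, because `munmap(dest_blob, destfd_size)` and `close(destfd)` are called with their results ignored. An I/O error while the key .dtb is flushed would therefore still end in a normal exit, and the signed image would be paired with a verification key file that may be incomplete. Assuming mmap_fdt() creates a shared writable mapping (it is not visible here), I would check `msync(dest_blob, destfd_size, MS_SYNC)` before either mapping is released and fail the run if it reports an error. The function body continues outside this hunk.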
err_add_hashes:
munmap(ptr, sbuf.st_size);
err_mmap:
+ if (dest_blob)
+ munmap(dest_blob, destfd_size);
+err_keydest:
err_system:
unlink(tmpfile);
return -1;
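Review bot: The error path under `err_mmap:` unmaps `dest_blob` but never closes `destfd`, whereas the success path does both. I would make the cleanup symmetric: `if (dest_blob) { munmap(dest_blob, destfd_size); close(destfd); }`. Initialising the descriptor as `int tfd, destfd = -1;` in the declaration hunk would also keep 0 (stdin) from ever looking like an open key file if the cleanup is later keyed on the descriptor. In the visible lines `tfd` is likewise left open under `err_add_hashes:`, which predates this change. The labels sit at the end of a function whose start is outside the hunk.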
usage();
params.keydir = *++argv;
goto NXTARG;
+ case 'K':
+ if (--argc <= 0)
+ usage();
+ params.keydest = *++argv;
+ goto NXTARG;
case 'n':
if (--argc <= 0)
usage ();
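Review bot: The new `case 'K':` accepts a key destination without checking that a key directory was given with -k. The FIT code then maps the .dtb and passes it on with `params->keydir` left unset; whether anything is written in that case depends on fit_add_verification_data(), which is not shown. An operator could reasonably assume the verification keys were installed when they were not, so I would reject the combination after option parsing, for example `if (params.keydest && !params.keydir) usage();`. The option is also parsed regardless of CONFIG_FIT_SIGNATURE as far as these lines show, even though the usage text reports signing as unsupported in that build. The enclosing switch starts and ends outside this hunk.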
fprintf(stderr, " -D => set options for device tree compiler\n"
" -f => input filename for FIT source\n");
#ifdef CONFIG_FIT_SIGNATURE
- fprintf(stderr, "Signing / verified boot options: [-k keydir]\n"
- " -k => set directory containing private keys\n");
+ fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb]\n"
+ " -k => set directory containing private keys\n"
+ " -K => write public keys to this .dtb file\n");
#else
fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
#endif
char *imagefile;
char *cmdname;
const char *keydir; /* Directory holding private keys */
+ const char *keydest; /* Destination .dtb for public key */
};
/*