summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2013-06-13 15:10:02 -0700
committerTom Rini <trini@ti.com>2013-06-26 10:18:56 -0400
commit19c402afa2e1190f596f35a84ac049b10d814f1f (patch)
tree4f4d2302f4b6fa01e9a2214dee6bfe75e220a010 /README
parent56518e71041fafdfd7af3a24f263b0a22efbeda9 (diff)
image: Add RSA support for image signing
RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'README')
-rw-r--r--README10
1 files changed, 10 insertions, 0 deletions
diff --git a/README b/README
index d3e03d797fc..0f417b599d2 100644
--- a/README
+++ b/README
@@ -2581,6 +2581,16 @@ CBFS (Coreboot Filesystem) support
Note: There is also a sha1sum command, which should perhaps
be deprecated in favour of 'hash sha1'.
+- Signing support:
+ CONFIG_RSA
+
+ This enables the RSA algorithm used for FIT image verification
+ in U-Boot. See doc/uImage/signature for more information.
+
+ The signing part is build into mkimage regardless of this
+ option.
+
+
- Show boot progress:
CONFIG_SHOW_BOOT_PROGRESS