diff options
| author | Ivan Mikhaylov <fr0st61te@gmail.com> | 2023-03-08 01:13:39 +0000 |
|---|---|---|
| committer | Simon Glass <sjg@chromium.org> | 2023-03-14 16:08:51 -0600 |
| commit | 4023dc9c95ccb5bcb3719c1c10e3d4dce967e0a2 (patch) | |
| tree | fb4e2966687221cd1cba730be6446eb0e32bf6ed /tools/binman/control.py | |
| parent | 0f40e23fd2282809f62d2be6ea4eb8c1d995a09b (diff) | |
binman: add sign option for binman
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Diffstat (limited to 'tools/binman/control.py')
| -rw-r--r-- | tools/binman/control.py | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/tools/binman/control.py b/tools/binman/control.py index 2f2b4893b7e..cf2c91f622a 100644 --- a/tools/binman/control.py +++ b/tools/binman/control.py @@ -448,6 +448,29 @@ def ReplaceEntries(image_fname, input_fname, indir, entry_paths, AfterReplace(image, allow_resize=allow_resize, write_map=write_map) return image +def SignEntries(image_fname, input_fname, privatekey_fname, algo, entry_paths, + write_map=False): + """Sign and replace the data from one or more entries from input files + + Args: + image_fname: Image filename to process + input_fname: Single input filename to use if replacing one file, None + otherwise + algo: Hashing algorithm + entry_paths: List of entry paths to sign + privatekey_fname: Private key filename + write_map (bool): True to write the map file + """ + image_fname = os.path.abspath(image_fname) + image = Image.FromFile(image_fname) + + BeforeReplace(image, allow_resize=True) + + for entry_path in entry_paths: + entry = image.FindEntryPath(entry_path) + entry.UpdateSignatures(privatekey_fname, algo, input_fname) + + AfterReplace(image, allow_resize=True, write_map=write_map) def PrepareImagesAndDtbs(dtb_fname, select_images, update_fdt, use_expanded): """Prepare the images to be processed and select the device tree @@ -660,7 +683,7 @@ def Binman(args): tools.set_tool_paths(tool_paths or None) bintool.Bintool.set_tool_dir(args.tooldir) - if args.cmd in ['ls', 'extract', 'replace', 'tool']: + if args.cmd in ['ls', 'extract', 'replace', 'tool', 'sign']: try: tout.init(args.verbosity) if args.cmd == 'replace': @@ -679,6 +702,9 @@ def Binman(args): do_compress=not args.compressed, allow_resize=not args.fix_size, write_map=args.map) + if args.cmd == 'sign': + SignEntries(args.image, args.file, args.key, args.algo, args.paths) + if args.cmd == 'tool': if args.list: bintool.Bintool.list_all() |