author Lukas Funke <lukas.funke@weidmueller.com> 2023-07-18 13:53:15 +0200
committer Simon Glass <sjg@chromium.org> 2023-07-24 09:34:10 -0600
commit 5609843b57a42a3b05b2e14e3bb51b0451c429a1
tree d50bc6f98e3cc41c1e3e2c3f98de10deda4a823d /tools/binman/entries.rst
parent 671bc4334668fc4280f9d56e83a7b208cdd9ba8f
binman: etype: Add u-boot-spl-pubkey-dtb etype
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public key from a certificate to the dtb. This creates a '/signature' node which in turn contains the fields which make up the public key. Usually this is done by 'mkimage -K'. However, 'binman sign' does not add the public key to the SPL. This is why the pubkey is added using this etype.

The etype calls the underlying 'fdt_add_pubkey' tool.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'tools/binman/entries.rst')
-rw-r--r-- tools/binman/entries.rst 39
1 files changed, 39 insertions, 0 deletions
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index b2fc665e471..f2376932be6 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -2117,6 +2117,45 @@ binman uses that to look up symbols to write into the SPL binary.
+.. _etype_u_boot_spl_pubkey_dtb:
+
+Entry: u-boot-spl-pubkey-dtb: U-Boot SPL device tree including public key
+-------------------------------------------------------------------------
+
+Properties / Entry arguments:
+ - key-name-hint: Public key name without extension (.crt).
+ Default is determined by underlying
+ bintool (fdt_add_pubkey), usually 'key'.
+ - algo: (Optional) Algorithm used for signing. Default is determined by
+ underlying bintool (fdt_add_pubkey), usually 'sha1,rsa2048'
+ - required: (Optional) If present this indicates that the key must be
+ verified for the image / configuration to be
+ considered valid
+
+The following example shows an image containing an SPL which
+is packed together with the dtb. Binman will add a signature
+node to the dtb.
+
+Example node::
+
+ image {
+ ...
+ spl {
+ filename = "spl.bin"
+
+ u-boot-spl-nodtb {
+ };
+ u-boot-spl-pubkey-dtb {
+ algo = "sha384,rsa4096";
+ required = "conf";
+ key-name-hint = "dev";
+ };
+ };
+ ...
+ }
+
+
+
.. _etype_u_boot_spl_with_ucode_ptr:
Entry: u-boot-spl-with-ucode-ptr: U-Boot SPL with embedded microcode pointer
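
Review bot: The example under "Example node::" is not valid devicetree source: 'filename = "spl.bin"' has no terminating semicolon and the closing '}' of the 'image' node has no ';', so anyone copying it gets a dtc syntax error. Please add both. In the property list, 'required' is described only as "If present this indicates that the key must be verified", yet the example sets 'required = "conf";', so the accepted values and what each one selects (image or configuration) should be spelled out. Since the text gives the usual default for 'algo' as 'sha1,rsa2048', it would also be worth saying that 'algo' should be set explicitly, as the example does with "sha384,rsa4096", rather than left to the fdt_add_pubkey default. The 'algo' item is also the only one of the three that ends without punctuation consistent with 'key-name-hint'.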