tools: binman: add 'fit, encrypt' property to pass keys directory to mkimage
mkimage can be used for both signing the FIT or encrypt its content and the
option '-k' can be used to pass a directory where both signing and encryption
keys can be retrieved. Adding 'fit,encrypt' property to the 'fit' node, leads to
try to find keys directory among binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index e918162..53024ac 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -871,6 +871,13 @@
-k flag. All the keys required for signing FIT must be available at
time of signing and must be located in single include directory.
+ fit,encrypt
+ Enable data encryption in FIT images via mkimage. If the property
+ is found, the keys path is detected among binman include
+ directories and passed to mkimage via -k flag. All the keys
+ required for encrypting the FIT must be available at the time of
+ encrypting and must be located in a single include directory.
+
Substitutions
~~~~~~~~~~~~~