lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the ECDSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: 80c81a30db58b16c79f73bcadecc4bb62075291d [log] [tgz]
author: Alexandru Gagniuc <mr.nuke.me@gmail.com> Fri Feb 19 12:45:19 2021 -0600
committer: Tom Rini <trini@konsulko.com> Wed Apr 14 15:23:01 2021 -0400
tree: b7f091c51e3ff9e37a354fe63c0a1a55abc8e359
parent: a35da20f50593d1f0a61e55e880d03bbae7c36eb [diff] [blame]
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 3228809..1757a14 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c

@@ -140,8 +140,20 @@
 /* Prepare a 'signer' context that's ready to sign and verify. */
 static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
 {
-	const char *kname = info->keydir;
 	int key_len_bytes, ret;
+	char kname[1024];
+
+	memset(ctx, 0, sizeof(*ctx));
+
+	if (info->keyfile) {
+		snprintf(kname,  sizeof(kname), "%s", info->keyfile);
+	} else if (info->keydir && info->keyname) {
+		snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+			 info->keyname);
+	} else {
+		fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
+		return -EINVAL;
+	}
 
 	ret = alloc_ctx(ctx, info);
 	if (ret)
commit	80c81a30db58b16c79f73bcadecc4bb62075291d	[log] [tgz]
author	Alexandru Gagniuc <mr.nuke.me@gmail.com>	Fri Feb 19 12:45:19 2021 -0600
committer	Tom Rini <trini@konsulko.com>	Wed Apr 14 15:23:01 2021 -0400
tree	b7f091c51e3ff9e37a354fe63c0a1a55abc8e359
parent	a35da20f50593d1f0a61e55e880d03bbae7c36eb [diff] [blame]