binman: implement signing FIT images during image build
The patch implements a new property 'fit,sign' that can be declared
at the top-level 'fit' node. If that option is declared, fit tries
to detect the private keys directory among the binman include directories.
That directory is then passed to mkimage using the '-k' flag, which enables
signing of the FIT.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Renumbered files, moved new tests to end:
Signed-off-by: Simon Glass <sjg@chromium.org>
diff --git a/tools/binman/btool/mkimage.py b/tools/binman/btool/mkimage.py
index 39a4c8c..78d3301 100644
--- a/tools/binman/btool/mkimage.py
+++ b/tools/binman/btool/mkimage.py
@@ -22,7 +22,7 @@
# pylint: disable=R0913
def run(self, reset_timestamp=False, output_fname=None, external=False,
- pad=None, align=None):
+ pad=None, align=None, priv_keys_dir=None):
"""Run mkimage
Args:
@@ -34,6 +34,7 @@
other things to be easily added later, if required, such as
signatures
align: Bytes to use for alignment of the FIT and its external data
+ priv_keys_dir: Path to directory containing private keys
version: True to get the mkimage version
"""
args = []
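Review bot: The new `priv_keys_dir` docstring entry does not say what the directory is used for or what happens when the argument is left out. Judging by the later hunk and the commit message, the value is handed to mkimage as `-k` to sign the FIT, and a falsy value means no signing is requested. Something like `priv_keys_dir: Path to directory containing the private keys used to sign the FIT (passed to mkimage as -k); None to leave the FIT unsigned` would make that explicit. The docstring starts outside this hunk.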
@@ -45,6 +46,8 @@
args += ['-B', f'{align:x}']
if reset_timestamp:
args.append('-t')
+ if priv_keys_dir:
+ args += ['-k', f'{priv_keys_dir}']
if output_fname:
args += ['-F', output_fname]
return self.run_cmd(*args)
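Review bot: The `if priv_keys_dir:` guard treats an empty string the same as `None`, so if the caller's key-directory detection returns an empty value, mkimage runs without `-k` and the build produces an unsigned FIT with no error from this function. The caller is not visible in this hunk, so it may already reject that case; if it does not, the function that handles 'fit,sign' should fail the build when no key directory is found rather than rely on this guard. The guard here could be `if priv_keys_dir is not None:` so that a bad value reaches mkimage and fails instead of being dropped. Separately, `f'{priv_keys_dir}'` is a redundant f-string; `args += ['-k', str(priv_keys_dir)]` says the same thing more directly. The body of `run` begins outside this hunk.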