developer | 23f9f0f | 2023-06-15 13:06:25 +0800 | [diff] [blame] | 1 | --- a/scripts/mkits.sh |
| 2 | +++ b/scripts/mkits.sh |
| 3 | @@ -17,7 +17,7 @@ |
| 4 | usage() { |
| 5 | printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")" |
| 6 | printf " -v version -k kernel [-D name -n address -d dtb] -o its_file" |
| 7 | - printf " [-s script] [-S key_name_hint] [-r ar_ver] [-R rootfs] [-m rfsk]" |
| 8 | + printf " [-s script] [-S key_name_hint] [-b key_alg] [-r ar_ver] [-R rootfs] [-m rfsk]" |
| 9 | |
| 10 | printf "\n\t-A ==> set architecture to 'arch'" |
| 11 | printf "\n\t-C ==> set compression type 'comp'" |
| 12 | @@ -32,6 +32,7 @@ usage() { |
| 13 | printf "\n\t-o ==> create output file 'its_file'" |
| 14 | printf "\n\t-s ==> include u-boot script 'script'" |
| 15 | printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'" |
| 16 | + printf "\n\t-b ==> set key algorithm" |
| 17 | printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)" |
| 18 | printf "\n\t-R ==> specify rootfs file for embedding hash" |
| 19 | printf "\n\t-m ==> include encrypted rootfs key'\n" |
| 20 | @@ -40,11 +41,12 @@ usage() { |
| 21 | |
| 22 | FDTNUM=1 |
| 23 | |
| 24 | -while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:R:m:" OPTION |
| 25 | +while getopts ":A:a:b:c:C:D:d:e:k:n:o:v:s:S:r:R:m:" OPTION |
| 26 | do |
| 27 | case $OPTION in |
| 28 | A ) ARCH=$OPTARG;; |
| 29 | a ) LOAD_ADDR=$OPTARG;; |
| 30 | + b ) KEY_ALG=$OPTARG;; |
| 31 | c ) CONFIG=$OPTARG;; |
| 32 | C ) COMPRESS=$OPTARG;; |
| 33 | D ) DEVICE=$OPTARG;; |
| 34 | @@ -169,9 +171,12 @@ if [ -n "${KEY_NAME_HINT}" ]; then |
| 35 | SIGN_OFFLINE=" |
| 36 | sign-offline = <1>;" |
| 37 | fi |
| 38 | + if [ -z "${KEY_ALG}" ]; then |
| 39 | + KEY_ALG="sha256,rsa2048" |
| 40 | + fi |
| 41 | SIGNATURE="\ |
| 42 | signature { |
| 43 | - algo = \"sha1,rsa2048\"; |
| 44 | + algo = \"${KEY_ALG}\"; |
| 45 | key-name-hint = \"${KEY_NAME_HINT}\"; |
| 46 | ${SIGN_IMAGES} |
| 47 | ${SIGN_OFFLINE} |
| 48 | --- a/target/linux/mediatek/image/Makefile |
| 49 | +++ b/target/linux/mediatek/image/Makefile |
| 50 | @@ -99,6 +99,7 @@ define Build/fit-sign |
| 51 | -A $(LINUX_KARCH) \ |
| 52 | -v $(LINUX_VERSION) \ |
| 53 | $(if $(FIT_KEY_NAME),-S $(FIT_KEY_NAME)) \ |
| 54 | + $(if $(FIT_KEY_ALG),-b $(FIT_KEY_ALG)) \ |
| 55 | $(if $(FW_AR_VER),-r $(FW_AR_VER)) \ |
| 56 | $(if $(CONFIG_TARGET_ROOTFS_SQUASHFS), \ |
| 57 | $(if $(ROOTFS_ENCRYPT), \ |
| 58 | @@ -129,6 +130,7 @@ define Device/Default |
| 59 | pad-rootfs | append-metadata |
| 60 | FIT_KEY_DIR := |
| 61 | FIT_KEY_NAME := |
| 62 | + FIT_KEY_ALG := |
| 63 | ROE_KEY_DIR := |
| 64 | ROE_KEY_NAME := |
| 65 | endef |