]>
git.ipfire.org Git - thirdparty/u-boot.git/blob - tools/fdt_add_pubkey.c
1 // SPDX-License-Identifier: GPL-2.0+
3 #include "fit_common.h"
5 static const char *cmdname
;
7 static const char *algo_name
= "sha1,rsa2048"; /* -a <algo> */
8 static const char *keydir
= "."; /* -k <keydir> */
9 static const char *keyname
= "key"; /* -n <keyname> */
10 static const char *require_keys
; /* -r <conf|image> */
11 static const char *keydest
; /* argv[n] */
13 static void __attribute__((__noreturn__
)) print_usage(const char *msg
)
15 fprintf(stderr
, "Error: %s\n", msg
);
16 fprintf(stderr
, "Usage: %s [-a <algo>] [-k <keydir>] [-n <keyname>] [-r <conf|image>]"
17 " <fdt blob>\n", cmdname
);
18 fprintf(stderr
, "Help information: %s [-h]\n", cmdname
);
22 static void __attribute__((__noreturn__
)) print_help(void)
24 fprintf(stderr
, "Options:\n"
25 "\t-a <algo> Cryptographic algorithm. Optional parameter, default value: sha1,rsa2048\n"
26 "\t-k <keydir> Directory with public key. Optional parameter, default value: .\n"
27 "\t-n <keyname> Public key name. Optional parameter, default value: key\n"
28 "\t-r <conf|image> Required: If present this indicates that the key must be verified for the image / configuration to be considered valid.\n"
29 "\t<fdt blob> FDT blob file for adding of the public key. Required parameter.\n");
33 static void process_args(int argc
, char *argv
[])
37 while ((opt
= getopt(argc
, argv
, "a:k:n:r:h")) != -1) {
49 require_keys
= optarg
;
54 print_usage("Invalid option");
57 /* The last parameter is expected to be the .dtb to add the public key to */
59 keydest
= argv
[optind
];
62 print_usage("Missing dtb file to update");
65 static void reset_info(struct image_sign_info
*info
)
68 fprintf(stderr
, "Error: info is NULL in %s\n", __func__
);
70 memset(info
, 0, sizeof(struct image_sign_info
));
72 info
->keydir
= keydir
;
73 info
->keyname
= keyname
;
74 info
->name
= algo_name
;
75 info
->require_keys
= require_keys
;
76 info
->crypto
= image_get_crypto_algo(algo_name
);
79 fprintf(stderr
, "Unsupported signature algorithm '%s'\n",
85 static int add_pubkey(struct image_sign_info
*info
)
88 void *dest_blob
= NULL
;
89 struct stat dest_sbuf
;
93 fprintf(stderr
, "Error: info is NULL in %s\n", __func__
);
97 munmap(dest_blob
, dest_sbuf
.st_size
);
100 fprintf(stderr
, ".dtb too small, increasing size by 1024 bytes\n");
104 destfd
= mmap_fdt(cmdname
, keydest
, size_inc
, &dest_blob
,
105 &dest_sbuf
, false, false);
109 ret
= info
->crypto
->add_verify_data(info
, dest_blob
);
114 } while (ret
== -ENOSPC
);
119 int main(int argc
, char *argv
[])
121 struct image_sign_info info
;
126 process_args(argc
, argv
);
128 ret
= add_pubkey(&info
);
131 fprintf(stderr
, "%s: Cannot add public key to FIT blob: %s\n",
132 cmdname
, strerror(ret
));