| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
The commit introducing help text for the individual options,
inadvertently modified the usage string. Revert that single line.
Fixes: 94a2b2b28738 ("rsatoc: support generating standalone keys unreferenced by FIT keyring")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20240105131000.1328500-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, all keys generated by rsatoc and included into barebox,
whether as C code or device tree snippets are added to the single key
ring that's used for FIT image verification. Users may want to add other
keys by the same means, but not have them available to FIT image
verification.
Support this use case by adding a -s option that generates standalone
keys. These are unreferenced by the key ring and automatic DT parsing
and expect the user to manually reference them, either via global
variable with a symbol name equal __key_${hint} or by looking into
/signature-standalone/key-${hint}.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230921102310.1108543-6-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In addition to PKCS#11 URIs, rsatoc supports extracting RSA public keys
out of x.509 PEM certificats, which is a base64-encoded format that begins
with the header `-----BEGIN CERTIFICATE-----'.
Another popular format for RSA public keys is the X.509 SPKI format,
which starts with the header `-----BEGIN PUBLIC KEY-----'. As public
keys are the only thing rsatoc is interested in, add support for the latter
as well.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230921102310.1108543-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
Add -d option to generate output in dts format rather than C.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Fixes:
scripts/rsatoc.c:189:5: warning: no previous prototype for ‘rsa_get_params’ [-Wmissing-prototypes]
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The GPL (both, versions 2 and 3) are incompatible with the OpenSSL license.
According to the Free Software Foundation the copyright holders of GPL
software have to provide an exception to allow this linkage.
This is effectively a license change and so needs confirmation by all
copyright holders.
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
doen't contain a path
Fixes: 128ad3cbe043 ("scripts: Add rsatoc tool")
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
The rsatoc tool converts rsa public keys into C structs suitable to
compile with barebox. Most of the openssl rsa related stuff has been
taken from the U-Boot mkimage tool.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|