#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
-#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
-#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA384_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA512_SUPPORT
+#define CONFIG_FIT_RSASSA_PSS 1
+#define CONFIG_FIT_SHA256
+#define CONFIG_FIT_SHA384
+#define CONFIG_FIT_SHA512
#define CONFIG_SHA1
#define CONFIG_SHA256
#define CONFIG_SHA384
# ifdef CONFIG_SPL_MD5_SUPPORT
# define IMAGE_ENABLE_MD5 1
# endif
-# ifdef CONFIG_SPL_SHA1_SUPPORT
+# ifdef CONFIG_SPL_FIT_SHA1
# define IMAGE_ENABLE_SHA1 1
# endif
# else
#define IMAGE_ENABLE_SHA1 0
#endif
-#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
- defined(CONFIG_SPL_SHA256_SUPPORT)
+#if defined(CONFIG_FIT_SHA256) || \
+ defined(CONFIG_SPL_FIT_SHA256)
#define IMAGE_ENABLE_SHA256 1
#else
#define IMAGE_ENABLE_SHA256 0
#endif
-#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \
- defined(CONFIG_SPL_SHA384_SUPPORT)
+#if defined(CONFIG_FIT_SHA384) || \
+ defined(CONFIG_SPL_FIT_SHA384)
#define IMAGE_ENABLE_SHA384 1
#else
#define IMAGE_ENABLE_SHA384 0
#endif
-#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \
- defined(CONFIG_SPL_SHA512_SUPPORT)
+#if defined(CONFIG_FIT_SHA512) || \
+ defined(CONFIG_SPL_FIT_SHA512)
#define IMAGE_ENABLE_SHA512 1
#else
#define IMAGE_ENABLE_SHA512 0
#define BOOTM_STATE_OS_GO (0x00000400)
int state;
-#ifdef CONFIG_LMB
+#if defined(CONFIG_LMB) && !defined(USE_HOSTCC)
struct lmb lmb; /* for memory mgmt */
#endif
} bootm_headers_t;
* 0, on success
* libfdt error code, on failure
*/
-int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys,
- const char *engine_id, const char *cmdname);
+int fit_add_verification_data(const char *keydir, const char *keyfile,
+ void *keydest, void *fit, const char *comment,
+ int require_keys, const char *engine_id,
+ const char *cmdname);
int fit_image_verify_with_data(const void *fit, int image_noffset,
const void *data, size_t size);
# if defined(CONFIG_FIT_SIGNATURE)
# define IMAGE_ENABLE_SIGN 1
# define IMAGE_ENABLE_VERIFY 1
+# define IMAGE_ENABLE_VERIFY_ECDSA 1
# define FIT_IMAGE_ENABLE_VERIFY 1
# include <openssl/evp.h>
# else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 0
+# define IMAGE_ENABLE_VERIFY_ECDSA 0
# define FIT_IMAGE_ENABLE_VERIFY 0
# endif
#else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
+# define IMAGE_ENABLE_VERIFY_ECDSA 0
# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
#endif
#endif
#endif /* IMAGE_ENABLE_FIT */
-/* Information passed to the signing routines */
+/*
+ * Information passed to the signing routines
+ *
+ * Either 'keydir', 'keyname', or 'keyfile' can be NULL. However, either
+ * 'keyfile', or both 'keydir' and 'keyname' should have valid values. If
+ * neither are valid, some operations might fail with EINVAL.
+ */
struct image_sign_info {
const char *keydir; /* Directory conaining keys */
const char *keyname; /* Name of key to use */
+ const char *keyfile; /* Filename of private or public key */
void *fit; /* Pointer to FIT blob */
int node_offset; /* Offset of signature node */
const char *name; /* Algorithm name */
};
#if IMAGE_ENABLE_VERIFY
-# include <u-boot/rsa-checksum.h>
+# include <u-boot/hash-checksum.h>
#endif
struct checksum_algo {
const char *name;
* into the FIT creation (i.e. the binary blobs would have been pre-processed
* before being added to the FIT image).
*
+ * @fit: pointer to fit image
+ * @node: offset of image node
* @image: pointer to the image start pointer
* @size: pointer to the image size
* @return no return value (failure should be handled internally)
*/
-void board_fit_image_post_process(void **p_image, size_t *p_size);
+void board_fit_image_post_process(const void *fit, int node, void **p_image,
+ size_t *p_size);
#define FDT_ERROR ((ulong)(-1))