doc: signature.txt: Document the keydir and keyfile arguments

author Alexandru Gagniuc <mr.nuke.me@gmail.com>

Fri, 19 Feb 2021 18:45:16 +0000 (12:45 -0600)

committer Tom Rini <trini@konsulko.com>

Wed, 14 Apr 2021 19:23:01 +0000 (15:23 -0400)
author Alexandru Gagniuc <mr.nuke.me@gmail.com>
Fri, 19 Feb 2021 18:45:16 +0000 (12:45 -0600)
committer Tom Rini <trini@konsulko.com>
Wed, 14 Apr 2021 19:23:01 +0000 (15:23 -0400)
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt

index 0139295..d9a9121 100644 (file)
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -472,6 +472,19 @@ Test Verified Boot Run: signed config with bad hash: OK
  Test passed
  
  
+Software signing: keydir vs keyfile
+-----------------------------------
+
+In the simplest case, signing is done by giving mkimage the 'keyfile'. This is
+the path to a file containing the signing key.
+
+The alternative is to pass the 'keydir' argument. In this case the filename of
+the key is derived from the 'keydir' and the "key-name-hint" property in the
+FIT. In this case the "key-name-hint" property is mandatory, and the key must
+exist in "<keydir>/<key-name-hint>.<ext>" Here the extension "ext" is
+specific to the signing algorithm.
+
+
  Hardware Signing with PKCS#11 or with HSM
  -----------------------------------------
author	Alexandru Gagniuc <mr.nuke.me@gmail.com>
	Fri, 19 Feb 2021 18:45:16 +0000 (12:45 -0600)
committer	Tom Rini <trini@konsulko.com>
	Wed, 14 Apr 2021 19:23:01 +0000 (15:23 -0400)