Boot: Add hardware key handling to signing script
Add an optional command line parameter to image signing script
to distinguish where the public key is stored for image
authentication: embedded in MCUBoot or in the image manifest.
Change-Id: I75542e2ee7138e8b2e3891c78293283c0839e81b
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/scripts/imgtool.py b/bl2/ext/mcuboot/scripts/imgtool.py
index 3b6e874..1b539c2 100644
--- a/bl2/ext/mcuboot/scripts/imgtool.py
+++ b/bl2/ext/mcuboot/scripts/imgtool.py
@@ -110,7 +110,7 @@
security_cnt=args.security_counter,
included_header=args.included_header,
pad=pad_size)
- key = keys.load(args.key) if args.key else None
+ key = keys.load(args.key, args.public_key_format) if args.key else None
ram_load_address = macro_parser.evaluate_macro(args.layout, image_load_address_re, 0, 1)
img.sign(key, ram_load_address, args.dependencies)
@@ -178,6 +178,9 @@
sign.add_argument('-l', '--layout', required=True,
help='Location of the file that contains preprocessed macros')
sign.add_argument('-k', '--key', metavar='filename')
+ sign.add_argument("-K", "--public-key-format",
+ help='In what format to add the public key to the image manifest: full or hash',
+ metavar='pub_key_format', choices=['full', 'hash'], default='hash')
sign.add_argument("--align", type=alignment_value, required=True)
sign.add_argument("-v", "--version", type=version.decode_version,
default="0.0.0+0")