Boot: Add hardware key handling to signing script
Add an optional command line parameter to image signing script
to distinguish where the public key is stored for image
authentication: embedded in MCUBoot or in the image manifest.
Change-Id: I75542e2ee7138e8b2e3891c78293283c0839e81b
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/scripts/imgtool_lib/keys.py b/bl2/ext/mcuboot/scripts/imgtool_lib/keys.py
index f17f173..b652d90 100644
--- a/bl2/ext/mcuboot/scripts/imgtool_lib/keys.py
+++ b/bl2/ext/mcuboot/scripts/imgtool_lib/keys.py
@@ -43,13 +43,17 @@
namedtype.NamedType('publicExponent', univ.Integer()))
class RSAutil():
- def __init__(self, key):
+ def __init__(self, key, public_key_format='hash'):
"""Construct an RSA key with the given key data"""
self.key = key
+ self.public_key_format = public_key_format
def key_size(self):
return self.key.n.bit_length()
+ def get_public_key_format(self):
+ return self.public_key_format
+
@staticmethod
def generate(key_size=2048):
if key_size not in RSA_KEY_SIZES:
@@ -104,11 +108,11 @@
assert len(signature) == self.sig_len()
return signature
-def load(path):
+def load(path, public_key_format='hash'):
with open(path, 'rb') as f:
pem = f.read()
try:
key = RSA.importKey(pem)
- return RSAutil(key)
+ return RSAutil(key, public_key_format)
except ValueError:
raise Exception("Unsupported RSA key file")