TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 0f0c6a808d6e77b7d4feb59e40d8cc8f20d1a95d^! / . / scripts
commit0f0c6a808d6e77b7d4feb59e40d8cc8f20d1a95d[log] [tgz]
authorDavid Brown <david.brown@linaro.org>Thu Jun 08 09:26:24 2017 -0600
committerDavid Brown <david.brown@linaro.org>Tue Jun 13 15:45:06 2017 -0400
tree77524685dd0d30f084241f027c1b147a08ec08ce
parentb119424aa878e0e3329a9b24fc8c3e64a1373b9f [diff]
imgtool: Allow --key to be optional when signing

If the --key is not specified, only the SHA256 hash is added to the TLV.
This is useful for testing configurations, where the crypto has not been
fully configured.  Note that this configuration is not secure, and this
only verifies that the image has not been corrupted.

diff --git a/scripts/imgtool.py b/scripts/imgtool.py
index fb09f96..e0a8106 100755
--- a/scripts/imgtool.py
+++ b/scripts/imgtool.py

@@ -35,7 +35,7 @@
     img = image.Image.load(args.infile, version=args.version,
             header_size=args.header_size,
             pad=args.pad)
-    key = keys.load(args.key)
+    key = keys.load(args.key) if args.key else None
     img.sign(key)
 
     if args.pad:
@@ -75,7 +75,7 @@
     getpub.add_argument('-k', '--key', metavar='filename', required=True)
 
     sign = subs.add_parser('sign', help='Sign an image with a private key')
-    sign.add_argument('-k', '--key', metavar='filename', required=True)
+    sign.add_argument('-k', '--key', metavar='filename')
     sign.add_argument("--align", type=alignment_value, required=True)
     sign.add_argument("-v", "--version", type=version.decode_version, required=True)
     sign.add_argument("-H", "--header-size", type=intparse, required=True)

diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index c4bedfe..f270268 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py

@@ -101,8 +101,9 @@
 
         tlv.add('SHA256', digest)
 
-        sig = key.sign(self.payload)
-        tlv.add(key.sig_tlv(), sig)
+        if key is not None:
+            sig = key.sign(self.payload)
+            tlv.add(key.sig_tlv(), sig)
 
         self.payload += tlv.get()
 
@@ -112,9 +113,11 @@
         The key is needed to know the type of signature, and
         approximate the size of the signature."""
 
-        flags = IMAGE_F[key.sig_type()]
+        flags = 0
         tlvsz = 0
-        tlvsz += TLV_HEADER_SIZE + key.sig_len()
+        if key is not None:
+            flags |= IMAGE_F[key.sig_type()]
+            tlvsz += TLV_HEADER_SIZE + key.sig_len()
 
         flags |= IMAGE_F['SHA256']
         tlvsz += 4 + hashlib.sha256().digest_size