TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 3869e760901a27adff47ccaea803a42f1b0169c0^! / . / sign.sh
commit3869e760901a27adff47ccaea803a42f1b0169c0[log] [tgz]
authorDavid Brown <david.brown@linaro.org>Thu Feb 02 08:10:23 2017 -0700
committerDavid Brown <david.brown@linaro.org>Thu Feb 02 08:39:18 2017 -0700
treee952d74c5b98faf687e1731a80b10502a05c5280
parentbaff96ff23c8819a016e0b016a13fbf7e23922a8 [diff] [blame]
zephyr: Support RSA, and ECDSA P-256 signing

Make it clear in the top-level Makefile how to configure mcuboot for
Zephyr for a particular signing algorithm.  Currently supported, are the
RSA signatures, and ECDSA with the P-256 curve.  These configuration
lines will select the code built in the bootloader, as well as which
public key gets included with the image.

This also adds a demo public key for the P-256 signatures.

diff --git a/sign.sh b/sign.sh
index 6fe08f5..5c9989e 100755
--- a/sign.sh
+++ b/sign.sh

@@ -1,22 +1,48 @@
 #! /bin/sh
 
+# This script can be used as an example of how to sign images.
+
 source $(dirname $0)/target.sh
 
-./scripts/zep2newt.py \
-    --bin ../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
-    --key root.pem \
-    --sig RSA \
-    --out shell.signed.bin \
-    --vtoff 0x200 \
-    --word-size 8 \
-    --image-version 3 \
-    --bit --pad 0x20000
+# RSA signatures can be made with the signing script in the scripts
+# directory.
+if true; then
+	./scripts/zep2newt.py \
+	    --bin ../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
+	    --key root.pem \
+	    --sig RSA \
+	    --out shell.signed.bin \
+	    --vtoff 0x200 \
+	    --word-size 8 \
+	    --image-version 3 \
+	    --bit --pad 0x20000
 
-./scripts/zep2newt.py \
-    --bin ../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
-    --key root.pem \
-    --sig RSA \
-    --vtoff 0x200 \
-    --word-size 8 \
-    --image-version 2 \
-    --out hello.signed.bin
+	./scripts/zep2newt.py \
+	    --bin ../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
+	    --key root.pem \
+	    --sig RSA \
+	    --vtoff 0x200 \
+	    --word-size 8 \
+	    --image-version 2 \
+	    --out hello.signed.bin
+fi
+
+# Currently, ECDSA signatures need to be made with the imgtool.  See
+# 'imgtool' for instructions on building the tool.
+if false; then
+	imgtool sign \
+		--key root_ec.pem \
+		--header-size 0x200 \
+		--version 3.0 \
+		--align 8 \
+		--pad 0x20000 \
+		../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
+		shell.signed.bin
+
+	imgtool sign \
+		--key root_ec.pem \
+		--header-size 0x200 \
+		--version 3.0 \
+		../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
+		hello.signed.bin
+fi