summaryrefslogtreecommitdiff
path: root/tools/fit_image.c
diff options
context:
space:
mode:
authorGeorge McCollister <george.mccollister@gmail.com>2017-01-06 13:14:17 -0600
committerTom Rini <trini@konsulko.com>2017-01-14 16:47:13 -0500
commitf1ca1fdebf1cde1c37c91b3d85f8b7af111112ea (patch)
treeb34c5ae6c177400ed6ed5524266cd2912138a292 /tools/fit_image.c
parentb1c6a54a534d2579db1375039a45572fe38d0ce8 (diff)
mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
Diffstat (limited to 'tools/fit_image.c')
-rw-r--r--tools/fit_image.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/fit_image.c b/tools/fit_image.c
index efd8a97a0b9..4dc8bd88624 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -59,7 +59,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
if (!ret) {
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
params->comment,
- params->require_keys);
+ params->require_keys,
+ params->engine_id);
}
if (dest_blob) {