From f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea Mon Sep 17 00:00:00 2001
From: George McCollister <george.mccollister@gmail.com>
Date: Fri, 6 Jan 2017 13:14:17 -0600
Subject: mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
---
 tools/fit_image.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'tools/fit_image.c')

diff --git a/tools/fit_image.c b/tools/fit_image.c
index efd8a97a0b..4dc8bd8862 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -59,7 +59,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
 	if (!ret) {
 		ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
 						params->comment,
-						params->require_keys);
+						params->require_keys,
+						params->engine_id);
 	}
 
 	if (dest_blob) {
-- 
cgit v1.2.3