commit 5b123e010954d8f6ef24dd0cb1a8cbe1d7d53851
author Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Sun Jun 16 20:53:38 2019 +0300
committer Tom Rini <trini@konsulko.com> Thu Jul 18 11:31:23 2019 -0400
tree cca21fad52e79da0f23dcad1e0866a3b7ad03a39
parent 0e80dda32c8d724c2a98dbbfb2f1e59762788f15

lib: rsa: add support to other openssl engine types than pkcs11

There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.

Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>

tools/mkimage.c

diff --git a/tools/mkimage.c b/tools/mkimage.c
index d1e1a67..4217188 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -105,7 +105,7 @@
 		"          -F => re-sign existing FIT image\n"
 		"          -p => place external data at a static position\n"
 		"          -r => mark keys used as 'required' in dtb\n"
-		"          -N => engine to use for signing (pkcs11)\n");
+		"          -N => openssl engine to use for signing\n");
 #else
 	fprintf(stderr,
 		"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");