mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
diff --git a/tools/Makefile b/tools/Makefile
index 345bc84..051127a 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -59,6 +59,7 @@
FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o
FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o
+FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
# The following files are synced with upstream DTC.
# Use synced versions from scripts/dtc/libfdt/.
@@ -75,6 +76,9 @@
rsa-sign.o rsa-verify.o rsa-checksum.o \
rsa-mod-exp.o)
+AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \
+ aes-encrypt.o)
+
ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
# common objs for dumpimage and mkimage
@@ -82,6 +86,7 @@
atmelimage.o \
$(FIT_OBJS-y) \
$(FIT_SIG_OBJS-y) \
+ $(FIT_CIPHER_OBJS-y) \
common/bootm.o \
lib/crc32.o \
default_image.o \
@@ -116,7 +121,8 @@
gpimage.o \
gpimage-common.o \
mtk_image.o \
- $(RSA_OBJS-y)
+ $(RSA_OBJS-y) \
+ $(AES_OBJS-y)
dumpimage-objs := $(dumpimage-mkimage-objs) dumpimage.o
mkimage-objs := $(dumpimage-mkimage-objs) mkimage.o
@@ -137,6 +143,12 @@
HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE)
endif
+ifdef CONFIG_FIT_CIPHER
+# This affects include/image.h, but including the board config file
+# is tricky, so manually define this options here.
+HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER
+endif
+
ifdef CONFIG_SYS_U_BOOT_OFFS
HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS)
endif