mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc., without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
diff --git a/tools/fit_image.c b/tools/fit_image.c
index efd8a97..4dc8bd8 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -59,7 +59,8 @@
if (!ret) {
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
params->comment,
- params->require_keys);
+ params->require_keys,
+ params->engine_id);
}
if (dest_blob) {
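Review bot: the new `params->engine_id` argument on the `fit_add_verification_data()` call is passed unconditionally, and nothing in this hunk shows what value it has when no engine was requested. If that value is NULL, the function's comment should say that NULL means "no engine, load keys from files in keydir", and the callee should test for it before any engine lookup. Please also document what `params->keydir` means when an engine is set, since the commit message says the key_id strings are built in rsa_engine_get_pub_key() and rsa_engine_get_priv_key() and a reader of this call cannot tell whether keydir is still a filesystem path in that case.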