mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>

commit: f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea [log] [tgz]
author: George McCollister <george.mccollister@gmail.com> Fri Jan 06 13:14:17 2017 -0600
committer: Tom Rini <trini@konsulko.com> Sat Jan 14 16:47:13 2017 -0500
tree: b34c5ae6c177400ed6ed5524266cd2912138a292
parent: b1c6a54a534d2579db1375039a45572fe38d0ce8 [diff] [blame]
diff --git a/tools/fit_image.c b/tools/fit_image.c
index efd8a97..4dc8bd8 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c

@@ -59,7 +59,8 @@
 	if (!ret) {
 		ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
 						params->comment,
-						params->require_keys);
+						params->require_keys,
+						params->engine_id);
 	}
 
 	if (dest_blob) {
commit	f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea	[log] [tgz]
author	George McCollister <george.mccollister@gmail.com>	Fri Jan 06 13:14:17 2017 -0600
committer	Tom Rini <trini@konsulko.com>	Sat Jan 14 16:47:13 2017 -0500
tree	b34c5ae6c177400ed6ed5524266cd2912138a292
parent	b1c6a54a534d2579db1375039a45572fe38d0ce8 [diff] [blame]