mirror of
https://git.busybox.net/buildroot.git
synced 2025-01-10 06:23:38 +08:00
b026d97ed8
This commit adds an option to install fit_check_sign to target for fit image validation. This will allow a fit image to have its signature and hashes validated from Linux, assuming a device-tree of keys (the same as which is in u-boot) is available. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
97 lines
3.0 KiB
Plaintext
97 lines
3.0 KiB
Plaintext
config BR2_PACKAGE_UBOOT_TOOLS
|
|
bool "u-boot tools"
|
|
help
|
|
Companion tools for Das U-Boot bootloader.
|
|
|
|
http://www.denx.de/wiki/U-Boot/WebHome
|
|
|
|
if BR2_PACKAGE_UBOOT_TOOLS
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT
|
|
bool "Flattened Image Tree (FIT) support"
|
|
depends on !BR2_STATIC_LIBS
|
|
select BR2_PACKAGE_DTC
|
|
select BR2_PACKAGE_DTC_PROGRAMS
|
|
help
|
|
Enables support for Flattened Image Tree (FIT).
|
|
|
|
This option allows to boot the new uImage structure,
|
|
Flattened Image Tree. FIT is formally a FDT, which can include
|
|
images of various types (kernel, FDT blob, ramdisk, etc.)
|
|
in a single blob. To boot this new uImage structure,
|
|
pass the address of the blob to the "bootm" command.
|
|
|
|
comment "u-boot tools FIT support needs a toolchain w/ dynamic library"
|
|
depends on BR2_STATIC_LIBS
|
|
|
|
if BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT
|
|
bool "FIT signature verification support"
|
|
select BR2_PACKAGE_OPENSSL
|
|
help
|
|
Enables support for FIT Signature Verification.
|
|
|
|
Flat Image Trees (FIT) supports hashing of images so that
|
|
these hashes can be checked on loading. This protects
|
|
against corruption of the image. However it does not prevent
|
|
the substitution of one image for another.
|
|
|
|
The signature feature allows the hash to be signed with a
|
|
private key such that it can be verified using a public key
|
|
later. Provided that the private key is kept secret and the
|
|
public key is stored in a non-volatile place, any image can
|
|
be verified in this way.
|
|
|
|
Enabling this option pulls in a dependency on libssl and
|
|
libcrypto, and possibly GPL/OpenSSL licensing
|
|
incompatibility issues.
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_FIT_CHECK_SIGN
|
|
bool "fit_check_sign"
|
|
depends on BR2_PACKAGE_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT
|
|
help
|
|
Install the fit_check_sign tool on the target system
|
|
|
|
The fit_check_sign tool from Das U-Boot bootloader, which
|
|
allows FIT image signature validation on target system.
|
|
|
|
endif
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE
|
|
bool "mkimage"
|
|
help
|
|
Install the mkimage tool on the target system
|
|
|
|
The mkimage tool from Das U-Boot bootloader, which allows
|
|
generation of U-Boot images in various formats.
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_MKENVIMAGE
|
|
bool "mkenvimage"
|
|
help
|
|
Install the mkenvimage tool on the target system
|
|
|
|
The mkenvimage tool from Das U-Boot bootloader, which allows
|
|
generation of a valid binary environment image from a text
|
|
file describing the key=value pairs of the environment.
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_FWPRINTENV
|
|
bool "fw_printenv"
|
|
default y
|
|
help
|
|
Install the fw_printenv / fw_setenv tools on the target system
|
|
|
|
The fw_printenv and fw_setenv tools from Das U-Boot
|
|
bootloader, which allows access to the U-Boot environment
|
|
from Linux.
|
|
|
|
config BR2_PACKAGE_UBOOT_TOOLS_DUMPIMAGE
|
|
bool "dumpimage"
|
|
help
|
|
Install the dumpimage tool on the target system
|
|
|
|
The dumpimage tool from Das U-Boot bootloader, which allows
|
|
extraction of data from U-Boot images.
|
|
|
|
endif
|