mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
author: George McCollister <george.mccollister@gmail.com> 2017-01-06 19:14:17 (GMT)
committer: Tom Rini <trini@konsulko.com> 2017-01-14 21:47:13 (GMT)
commit: f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea (patch)
tree: b34c5ae6c177400ed6ed5524266cd2912138a292 /tools/imagetool.h
parent: b1c6a54a534d2579db1375039a45572fe38d0ce8 (diff)
download: u-boot-f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/imagetool.h b/tools/imagetool.h
index 15c2a0c..a8d5054 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -76,6 +76,7 @@ struct image_tool_params {
 	bool external_data;	/* Store data outside the FIT */
 	bool quiet;		/* Don't output text in normal operation */
 	unsigned int external_offset;	/* Add padding to external data */
+	const char *engine_id;	/* Engine to use for signing */
 };
 
 /*
author	George McCollister <george.mccollister@gmail.com>	2017-01-06 19:14:17 (GMT)
committer	Tom Rini <trini@konsulko.com>	2017-01-14 21:47:13 (GMT)
commit	f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea (patch)
tree	b34c5ae6c177400ed6ed5524266cd2912138a292 /tools/imagetool.h
parent	b1c6a54a534d2579db1375039a45572fe38d0ce8 (diff)
download	u-boot-f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea.tar.xz