u-boot.git/tools/image-host.c, branch master Unnamed repository; edit this file 'description' to name the repository. treewide: fix uImage.FIT document paths 2026-03-27T09:50:29+00:00 Daniel Golle daniel@makrotopia.org 2026-02-27T00:03:29+00:00 72cc446490e74fdf392f5e049cf8fd28d9c6818d Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the documentation in doc/uImage.FIT to doc/usage/fit, subsequently all documents and example sources have been converted to reStructuredText. Fix (almost) all of the remaining occurrences of the old path and filenames across the tree. The exception is doc/uImage.FIT/command_syntax_extensions.txt which apparently has been removed entirely, or at least I was unable to locate where that document is now. Signed-off-by: Daniel Golle <daniel@makrotopia.org> 
Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the
documentation in doc/uImage.FIT to doc/usage/fit, subsequently all
documents and example sources have been converted to reStructuredText.

Fix (almost) all of the remaining occurrences of the old path and
filenames across the tree.

The exception is doc/uImage.FIT/command_syntax_extensions.txt which
apparently has been removed entirely, or at least I was unable to
locate where that document is now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
tools: Handle realloc failure in strlist_add 2026-01-28T20:41:21+00:00 Francois Berder fberder@outlook.fr 2026-01-19T14:49:06+00:00 3a53a03f50118e329a0f38bd28ea5f7d8e22147a If realloc fails, list->strings was set to NULL and it would create a leak. This commit ensures that if we cannot add a string to the list, the list stays in a good state. Signed-off-by: Francois Berder <fberder@outlook.fr> 
If realloc fails, list->strings was set to NULL and
it would create a leak. This commit ensures that if we cannot
add a string to the list, the list stays in a good state.

Signed-off-by: Francois Berder <fberder@outlook.fr>
fit: support signing with only an engine_id 2025-12-06T17:43:08+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-11-21T17:14:57+00:00 5207e1ff20ff26e0f3969b13701bb38610183c6a Currently, when one wants to use an OpenSSL engine to sign a FIT image, one needs to pass a keydir (via -k) to mkimage which will then be prepended to the value of the key-name-hint before being passed as key_id argument to the OpenSSL Engine API, or pass a keyfile (via -G) to mkimage. My OpenSSL engine only has "slots" which are not mapped like directories, so using keydir is not proper, though I could simply have -k '' I guess but this won't work currently with binman anyway. Additionally, passing a keyfile (-G) when using an engine doesn't make sense as the key is stored in the engine. Let simply allow FIT images be signed if both keydir and keyfile are missing but an engine is to be used. The keyname member is already filled by looking at key-name-hint property in the FIT and passed to the engine, which is exactly what is needed here. Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
Currently, when one wants to use an OpenSSL engine to sign a FIT image,
one needs to pass a keydir (via -k) to mkimage which will then be
prepended to the value of the key-name-hint before being passed as
key_id argument to the OpenSSL Engine API, or pass a keyfile (via -G) to
mkimage.

My OpenSSL engine only has "slots" which are not mapped like
directories, so using keydir is not proper, though I could simply have
-k '' I guess but this won't work currently with binman anyway.

Additionally, passing a keyfile (-G) when using an engine doesn't make
sense as the key is stored in the engine.

Let simply allow FIT images be signed if both keydir and keyfile are
missing but an engine is to be used.

The keyname member is already filled by looking at key-name-hint
property in the FIT and passed to the engine, which is exactly what is
needed here.

Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
lib: rsa: fix compilation error without openssl 2025-06-22T16:16:39+00:00 Shiji Yang yangshiji66@outlook.com 2025-06-19T16:38:17+00:00 961e260cdcd01d68c8dae87eef67e116f1a67aed The symbol TOOLS_IMAGE_PRE_LOAD doesn't depend on TOOLS_LIBCRYPTO. If we choose to build tools without openssl, rsa_verify_openssl() will attempt to call the unavailable openssl library functions. Fixes: 942c8c8e6697 ("rsa: Add rsa_verify_openssl() to use openssl for host builds") Signed-off-by: Shiji Yang <yangshiji66@outlook.com> 
The symbol TOOLS_IMAGE_PRE_LOAD doesn't depend on TOOLS_LIBCRYPTO.
If we choose to build tools without openssl, rsa_verify_openssl()
will attempt to call the unavailable openssl library functions.

Fixes: 942c8c8e6697 ("rsa: Add rsa_verify_openssl() to use openssl for host builds")
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Merge patch series "rsa: Add rsa_verify_openssl() to use openssl for host builds" 2025-02-28T22:51:10+00:00 Tom Rini trini@konsulko.com 2025-02-28T22:51:10+00:00 5bc4240eb65c378eeca3f45069eeb125cd01ceed Paul HENRYS <paul.henrys_ext@softathome.com> says: This serie of patches adds a new tool to authenticate files signed with a preload header. This tool is also used in the tests to actually verify the authenticity of the file signed with such a preload header. Link: https://lore.kernel.org/r/20250224212055.2992852-1-paul.henrys_ext@softathome.com 
Paul HENRYS <paul.henrys_ext@softathome.com> says:

This serie of patches adds a new tool to authenticate files signed with
a preload header.  This tool is also used in the tests to actually
verify the authenticity of the file signed with such a preload header.

Link: https://lore.kernel.org/r/20250224212055.2992852-1-paul.henrys_ext@softathome.com
rsa: Add rsa_verify_openssl() to use openssl for host builds 2025-02-28T22:51:01+00:00 Paul HENRYS paul.henrys_ext@softathome.com 2025-02-24T21:20:50+00:00 942c8c8e669739d2e8dec67a7ed90158defc93ed rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data when building host tools. Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> 
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.

Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Merge tag 'v2025.04-rc3' into next 2025-02-24T23:15:14+00:00 Tom Rini trini@konsulko.com 2025-02-24T23:15:14+00:00 3ecda19009ebbe46a64b0629f8b64173c7a551c0 Prepare v2025.04-rc3 
Prepare v2025.04-rc3
Revert "Merge patch series "Add preload_check_sign tool"" 2025-02-24T16:32:04+00:00 Tom Rini trini@konsulko.com 2025-02-24T16:32:04+00:00 523a56cc54637a0c04a1e87c262599faf26d7d69 This reverts commit c8750efe02c20725388dd4279896aaf306acfad4, reversing changes made to 8c6cf8aeea7e57ca686de8b765e4baf3a7ef1fa7. Unfortunately these changes do not build on macOS hosts. Signed-off-by: Tom Rini <trini@konsulko.com> 
This reverts commit c8750efe02c20725388dd4279896aaf306acfad4, reversing
changes made to 8c6cf8aeea7e57ca686de8b765e4baf3a7ef1fa7.

Unfortunately these changes do not build on macOS hosts.

Signed-off-by: Tom Rini <trini@konsulko.com>
Merge patch series "Add preload_check_sign tool" 2025-02-21T17:37:27+00:00 Tom Rini trini@konsulko.com 2025-02-21T14:34:34+00:00 c8750efe02c20725388dd4279896aaf306acfad4 Paul HENRYS <paul.henrys_ext@softathome.com> says: This serie of patches adds a new tool to authenticate files signed with a preload header. This tool is also used in the tests to actually verify the authenticity of the file signed with such a preload header. Link: https://lore.kernel.org/r/20250212093126.3722186-1-paul.henrys_ext@softathome.com 
Paul HENRYS <paul.henrys_ext@softathome.com> says:

This serie of patches adds a new tool to authenticate files signed
with a preload header.
This tool is also used in the tests to actually verify the
authenticity of the file signed with such a preload header.

Link: https://lore.kernel.org/r/20250212093126.3722186-1-paul.henrys_ext@softathome.com
rsa: Add rsa_verify_openssl() to use openssl for host builds 2025-02-21T14:34:21+00:00 Paul HENRYS paul.henrys_ext@softathome.com 2025-02-12T09:31:21+00:00 77718437862ee849bd8818c482208aaa92363c8d rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data when building host tools. Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> 
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.

Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>