From 6a2626a9d0f69b2e1158edc63319e43892600e9e Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 18 Jul 2021 14:14:24 -0600 Subject: doc: sandbox: Fix up dependencies These are out of date. Update them and point to the existing build instructions to avoid duplication. Add a few that are missing. Signed-off-by: Simon Glass --- doc/arch/sandbox.rst | 6 +----- doc/build/gcc.rst | 6 ++++-- 2 files changed, 5 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst index 9e23e1618c7..f8804e1f414 100644 --- a/doc/arch/sandbox.rst +++ b/doc/arch/sandbox.rst @@ -43,11 +43,7 @@ Note that standalone/API support is not available at present. Prerequisites ------------- -Here are some packages that are worth installing if you are doing sandbox or -tools development in U-Boot: - - python3-pytest lzma lzma-alone lz4 python3 python3-virtualenv - libssl1.0-dev +Install the dependencies noted in :doc:`../build/gcc`. Basic Operation diff --git a/doc/build/gcc.rst b/doc/build/gcc.rst index c51b3e73b83..8ffb4e3447b 100644 --- a/doc/build/gcc.rst +++ b/doc/build/gcc.rst @@ -26,8 +26,10 @@ Depending on the build targets further packages maybe needed sudo apt-get install bc bison build-essential coccinelle \ device-tree-compiler dfu-util efitools flex gdisk liblz4-tool \ libguestfs-tools libncurses-dev libpython3-dev libsdl2-dev libssl-dev \ - lzma-alone openssl python3 python3-coverage python3-pyelftools \ - python3-pytest python3-sphinxcontrib.apidoc python3-sphinx-rtd-theme swig + lz4 lzma lzma-alone openssl python3 python3-coverage \ + python3-pycryptodome python3-pyelftools python3-pytest \ + python3-sphinxcontrib.apidoc python3-sphinx-rtd-theme python3-virtualenv \ + swig SUSE based ~~~~~~~~~~ -- cgit v1.3.1 From 62b27a561c2868d95445905ad554297e43cc0f2b Mon Sep 17 00:00:00 2001 
From: Marc Kleine-Budde Date: Fri, 23 Jul 2021 22:17:50 +0200 Subject: mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine This patch adds the possibility to pass the PIN the OpenSSL Engine used during signing via the environment variable MKIMAGE_SIGN_PIN. This follows the approach used during kernel module signing ("KBUILD_SIGN_PIN") or UBIFS image signing ("MKIMAGE_SIGN_PIN"). Signed-off-by: Marc Kleine-Budde --- doc/uImage.FIT/signature.txt | 4 ++-- lib/rsa/rsa-sign.c | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index 7cb1c15e5e1..61a72db3c74 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -533,8 +533,8 @@ Generic engine key ids: or "" -As mkimage does not at this time support prompting for passwords HSM may need -key preloading wrapper to be used when invoking mkimage. +In order to set the pin in the HSM, an environment variable "MKIMAGE_SIGN_PIN" +can be specified. The following examples use the Nitrokey Pro using pkcs11 engine. Instructions for other devices may vary. diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index c64deac31f4..085dc89bf7b 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -338,6 +338,7 @@ static int rsa_init(void) static int rsa_engine_init(const char *engine_id, ENGINE **pe) { + const char *key_pass; ENGINE *e; int ret; @@ -362,10 +363,20 @@ static int rsa_engine_init(const char *engine_id, ENGINE **pe) goto err_set_rsa; } + key_pass = getenv("MKIMAGE_SIGN_PIN"); + if (key_pass) { + if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) { + fprintf(stderr, "Couldn't set PIN\n"); + ret = -1; + goto err_set_pin; + } + } + *pe = e; return 0; +err_set_pin: err_set_rsa: ENGINE_finish(e); err_engine_init: -- cgit v1.3.1
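Review bot: The added `if (key_pass)` test in rsa_engine_init() forwards the value whenever MKIMAGE_SIGN_PIN is set, so an exported-but-empty variable hands an empty PIN to the engine. Depending on the engine, that may count as a failed login on a token with a retry limit, so `if (key_pass && *key_pass) {` looks safer; please confirm against the pkcs11 engine. The PIN also stays in the process environment, where child processes inherit it and it can end up in build or CI logs that dump the environment. I would add a comment above the `getenv()` call such as `/* PIN is taken from the environment; set it only for the mkimage invocation and keep it out of logs */` and a matching sentence in doc/uImage.FIT/signature.txt. As a style point, `err_set_pin:` labels the same statement as `err_set_rsa:` and could be replaced by `goto err_set_rsa;`; the function body starts and ends outside the two hunks, so the rest of the cleanup path is not visible here.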