mkimage: Support signing 'auto' FITs
This adds support for signing images in auto-generated FITs. To do this,
we need to add a signature node. The algorithm name property already has
its own option, but we need one for the key name hint. We could have
gone the -G route and added an explicit name for the public key (like
what is done for the private key). However, many places assume the
public key can be constructed from the key dir and hint, and I don't
want to do the refactoring necessary.
As a consequence of this, it is now easier to add public keys to an
existing image without signing something. This could be done all along,
but now you don't have to create an its just to do it. Ideally, we
wouldn't create a FIT at the end. This could be done by calling
fit_image_setup_sig/info.crypto->add_verify_data directly.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
diff --git a/tools/imagetool.h b/tools/imagetool.h
index 05dd94d..ca7c2e4 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -71,6 +71,7 @@
const char *keydir; /* Directory holding private keys */
const char *keydest; /* Destination .dtb for public key */
const char *keyfile; /* Filename of private or public key */
+ const char *keyname; /* Key name "hint" */
const char *comment; /* Comment to add to signature node */
/* Algorithm name to use for hashing/signing or NULL to use the one
* specified in the its */