mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

ref-manual: document authentication key variables

Browse Source 
This documents the variables used to create keys for
signing fitImage.

(From yocto-docs rev: 7d0407249907259b59191e3759a3b140d30d993e)

Signed-off-by: Usama Arif <usama.arif@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Usama Arif
2020-10-01 10:27:13 +01:00
committed by Richard Purdie
parent 2607799cfb
commit 60319a78dc
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/ref-manual/ref-classes.rst
+3 -1
View File
@@ -1413,7 +1413,9 @@ variables :term:`UBOOT_SIGN_ENABLE`, :term:`UBOOT_MKIMAGE_DTCOPTS`,
:term:`UBOOT_SIGN_KEYDIR` and :term:`UBOOT_SIGN_KEYNAME` are set
appropriately. The default values used for :term:`FIT_HASH_ALG` and
:term:`FIT_SIGN_ALG` in ``kernel-fitimage`` are "sha256" and
"rsa2048" respectively.
"rsa2048" respectively. The keys for signing fitImage can be generated using
the ``kernel-fitimage`` class when both :term:`FIT_GENERATE_KEYS` and
:term:`UBOOT_SIGN_ENABLE` are set to "1".
.. _ref-classes-kernel-grub:
documentation/ref-manual/ref-variables.rst
+23
View File
@@ -2585,13 +2585,36 @@ system and gives an overview of their function and contents.
For guidance on how to create your own file permissions settings
table file, examine the existing ``fs-perms.txt``.
FIT_GENERATE_KEYS
Decides whether to generate the keys for signing fitImage if they
don't already exist. The keys are created in ``UBOOT_SIGN_KEYDIR``.
The default value is 0.
FIT_HASH_ALG
Specifies the hash algorithm used in creating the FIT Image. For e.g. sha256.
FIT_KEY_GENRSA_ARGS
Arguments to openssl genrsa for generating RSA private key for signing
fitImage. The default value is "-F4". i.e. the public exponent 65537 to
use.
FIT_KEY_REQ_ARGS
Arguments to openssl req for generating certificate for signing fitImage.
The default value is "-batch -new". batch for non interactive mode
and new for generating new keys.
FIT_KEY_SIGN_PKCS
Format for public key ceritifcate used in signing fitImage.
The default value is "x509".
FIT_SIGN_ALG
Specifies the signature algorithm used in creating the FIT Image.
For e.g. rsa2048.
FIT_SIGN_NUMBITS
Size of private key in number of bits used in fitImage. The default
value is "2048".
FONT_EXTRA_RDEPENDS
When inheriting the :ref:`fontcache <ref-classes-fontcache>` class,
this variable specifies the runtime dependencies for font packages.