[yocto] U-boot tool/mkimage Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)

[Bill zhang]

Hi all,

I want to use U-boot tool "mkimage" to sign images with RSA keys for secure
boot, but the mkimage built from YOCTO v1.7 does not support options:
-k,-K,

when run command:
${mkimage} -D "${dtc}" -F -k dev-keys -K sandbox-u-boot.dtb \
-r test.fit >${tmp},

it failed, with usage() printed out:

mkimage -l
Usage: ./mkimage -l image
          -l ==> list image header information
       ./mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name
-d data_file[:data_file...] image
          -A ==> set architecture to 'arch'
          -O ==> set operating system to 'os'
          -T ==> set image type to 'type'
          -C ==> set compression type 'comp'
          -a ==> set load address to 'addr' (hex)
          -e ==> set entry point to 'ep' (hex)
          -n ==> set image name to 'name'
          -d ==> use image data from 'datafile'
          -x ==> set XIP (execute in place)
       ./mkimage [-D dtc_options] [-f fit-image.its|-F] fit-image
          -D => set options for device tree compiler
          -f => input filename for FIT source
Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)
       ./mkimage -V ==> print version information and exit

How to build tools "mkimage" with  "signing/verifying enabled" ?

Thanks
Leo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160720/57ba5b4b/attachment.html>