Commit 08a716dc authored by Fabio Utzig's avatar Fabio Utzig Committed by Fabio Utzig

imgtool: fix --vector-to-sign usage



`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".

Signed-off-by: default avatarFabio Utzig <utzig@apache.org>
parent e009e19b
+10 −10
@@ -434,15 +434,9 @@ class Image():

        tlv.add('SHA256', digest)

        if key is not None or fixed_sig is not None:
            if public_key_format == 'hash':
                tlv.add('KEYHASH', pubbytes)
            else:
                tlv.add('PUBKEY', pub)

        if vector_to_sign == 'payload':
            # Stop amending data to the image
                # Just keep data vector which is expected to be sigend
            # Just keep data vector which is expected to be signed
            print(os.path.basename(__file__) + ': export payload')
            return
        elif vector_to_sign == 'digest':
@@ -450,6 +444,12 @@ class Image():
            print(os.path.basename(__file__) + ': export digest')
            return

        if key is not None or fixed_sig is not None:
            if public_key_format == 'hash':
                tlv.add('KEYHASH', pubbytes)
            else:
                tlv.add('PUBKEY', pub)

            if key is not None and fixed_sig is None:
                # `sign` expects the full image payload (sha256 done internally),
                # while `sign_digest` expects only the digest of the payload
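Review bot: With the export branches now ahead of the key block, a `vector_to_sign` value other than 'payload' or 'digest' falls through the `if`/`elif` into the normal TLV and signing path without any message. If the caller does not already restrict the option to those two values (not visible here), close the chain with `elif vector_to_sign is not None: raise ValueError('unsupported vector_to_sign value')`. The early returns also deserve a comment above the first branch, for example `# Export only: return before any key or signature TLV is added, so the result is unsigned`, because that ordering is what lets the option work without a key. One line of the `digest` branch sits between the two hunks and is not shown, and the enclosing method starts and ends outside them.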