Commit f72e3741 authored by Andrzej Puzdrowski's avatar Andrzej Puzdrowski Committed by David Brown
Browse files

imgtool: image signature export 



Extend sign/create command so it now allow to export the image
signature to the file pointed by --sig-out option.
The image signature will be encoded as base64 formatted string.

Signed-off-by: default avatarAndrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
parent 160303c2

scripts/imgtool/image.py

+2 −0
Original line number Diff line number Diff line
@@ -447,12 +447,14 @@ class Image(): 
            else:

                sig = key.sign_digest(digest)

            tlv.add(key.sig_tlv(), sig)

            self.signature = sig

        elif fixed_sig is not None and key is None:

            if public_key_format == 'hash':

                tlv.add('KEYHASH', pubbytes)

            else:

                tlv.add('PUBKEY', pub)

            tlv.add(pub_key.sig_tlv(), fixed_sig['value'])

            self.signature = fixed_sig['value']

        else:

            raise click.UsageError("Can not sign using key and provide fixed-signature at the same time")

scripts/imgtool/main.py

+13 −1
Original line number Diff line number Diff line
@@ -74,6 +74,11 @@ def load_signature(sigfile): 
        signature = base64.b64decode(f.read())

        return signature



def save_signature(sigfile, sig):

    with open(sigfile, 'wb') as f:

        signature = base64.b64encode(sig)

        f.write(signature)



def load_key(keyfile):

    # TODO: better handling of invalid pass-phrase

    key = keys.load(keyfile)
@@ -313,6 +318,9 @@ class BasedIntParamType(click.ParamType): 
              'the signature calculated using the public key')

@click.option('--fix-sig-pubkey', metavar='filename',

              help='public key relevant to fixed signature')

@click.option('--sig-out', metavar='filename',

              help='Path to the file to which signature will be written'

              'The image signature will be encoded as base64 formatted string')

@click.command(help='''Create a signed or unsigned image\n

               INFILE and OUTFILE are parsed as Intel HEX if the params have

               .hex extension, otherwise binary format is used''')
@@ -321,7 +329,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, 
         endian, encrypt_keylen, encrypt, infile, outfile, dependencies,

         load_addr, hex_addr, erased_val, save_enctlv, security_counter,

         boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig,

         fix_sig_pubkey):

         fix_sig_pubkey, sig_out):



    if confirm:

        # Confirmed but non-padded images don't make much sense, because
@@ -388,6 +396,10 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, 
               custom_tlvs, int(encrypt_keylen), clear, baked_signature, pub_key)

    img.save(outfile, hex_addr)



    if sig_out is not None:

        new_signature = img.get_signature()

        save_signature(sig_out, new_signature)





class AliasesGroup(click.Group):

CRA Git | Maintained and supported by SUSTech CRA and CCSE