ref-manual: document authentication key variables

This documents the variables used to create keys for signing fitImage. (From yocto-docs rev: 7d0407249907259b59191e3759a3b140d30d993e) Signed-off-by: Usama Arif <usama.arif@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Usama Arif <usama.arif@arm.com> 2020-10-01 10:27:13 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-10-01 21:29:31 +0100
commit: 60319a78dcb8cc83811f06c9ccbf3442b35de070 (patch)
tree: 9fd901e248ad1a0fb74c5078f137f7d373791921 /documentation
parent: 2607799cfb9312a424d096585a577198d977d379 (diff)
download: poky-60319a78dcb8cc83811f06c9ccbf3442b35de070.tar.gz
2 files changed, 26 insertions, 1 deletions
diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst
index 60ce8efd21..b007e34826 100644
--- a/documentation/ref-manual/ref-classes.rst
+++ b/documentation/ref-manual/ref-classes.rst
@@ -1413,7 +1413,9 @@ variables :term:`UBOOT_SIGN_ENABLE`, :term:`UBOOT_MKIMAGE_DTCOPTS`,
 :term:`UBOOT_SIGN_KEYDIR` and :term:`UBOOT_SIGN_KEYNAME` are set
 appropriately. The default values used for :term:`FIT_HASH_ALG` and
 :term:`FIT_SIGN_ALG` in ``kernel-fitimage`` are "sha256" and
-"rsa2048" respectively.
+"rsa2048" respectively. The keys for signing fitImage can be generated using
+the ``kernel-fitimage`` class when both :term:`FIT_GENERATE_KEYS` and
+:term:`UBOOT_SIGN_ENABLE` are set to "1".
 .. _ref-classes-kernel-grub:
diff --git a/documentation/ref-manual/ref-variables.rst b/documentation/ref-manual/ref-variables.rst
index cf37703814..2d6719df11 100644
--- a/documentation/ref-manual/ref-variables.rst
+++ b/documentation/ref-manual/ref-variables.rst
@@ -2585,13 +2585,36 @@ system and gives an overview of their function and contents.
      For guidance on how to create your own file permissions settings
      table file, examine the existing ``fs-perms.txt``.
+   FIT_GENERATE_KEYS
+      Decides whether to generate the keys for signing fitImage if they
+      don't already exist. The keys are created in ``UBOOT_SIGN_KEYDIR``.
+      The default value is 0.
   FIT_HASH_ALG
      Specifies the hash algorithm used in creating the FIT Image. For e.g. sha256.
+   FIT_KEY_GENRSA_ARGS
+      Arguments to openssl genrsa for generating RSA private key for signing
+      fitImage. The default value is "-F4". i.e. the public exponent 65537 to
+      use.
+   FIT_KEY_REQ_ARGS
+      Arguments to openssl req for generating certificate for signing fitImage.
+      The default value is "-batch -new". batch for non interactive mode
+      and new for generating new keys.
+   FIT_KEY_SIGN_PKCS
+      Format for public key ceritifcate used in signing fitImage.
+      The default value is "x509".
   FIT_SIGN_ALG
      Specifies the signature algorithm used in creating the FIT Image.
      For e.g. rsa2048.
+   FIT_SIGN_NUMBITS
+      Size of private key in number of bits used in fitImage. The default
+      value is "2048".
   FONT_EXTRA_RDEPENDS
      When inheriting the :ref:`fontcache <ref-classes-fontcache>` class,
      this variable specifies the runtime dependencies for font packages.
author	Usama Arif <usama.arif@arm.com>	2020-10-01 10:27:13 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-10-01 21:29:31 +0100
commit	60319a78dcb8cc83811f06c9ccbf3442b35de070 (patch)
tree	9fd901e248ad1a0fb74c5078f137f7d373791921 /documentation
parent	2607799cfb9312a424d096585a577198d977d379 (diff)
download	poky-60319a78dcb8cc83811f06c9ccbf3442b35de070.tar.gz

diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst index 60ce8efd21..b007e34826 100644 --- a/documentation/ref-manual/ref-classes.rst +++ b/documentation/ref-manual/ref-classes.rst
@@ -1413,7 +1413,9 @@ variables :term:`UBOOT_SIGN_ENABLE`, :term:`UBOOT_MKIMAGE_DTCOPTS`,
1413	:term:`UBOOT_SIGN_KEYDIR` and :term:`UBOOT_SIGN_KEYNAME` are set	1413	:term:`UBOOT_SIGN_KEYDIR` and :term:`UBOOT_SIGN_KEYNAME` are set
1414	appropriately. The default values used for :term:`FIT_HASH_ALG` and	1414	appropriately. The default values used for :term:`FIT_HASH_ALG` and
1415	:term:`FIT_SIGN_ALG` in ``kernel-fitimage`` are "sha256" and	1415	:term:`FIT_SIGN_ALG` in ``kernel-fitimage`` are "sha256" and
1416	"rsa2048" respectively.	1416	"rsa2048" respectively. The keys for signing fitImage can be generated using
		1417	the ``kernel-fitimage`` class when both :term:`FIT_GENERATE_KEYS` and
		1418	:term:`UBOOT_SIGN_ENABLE` are set to "1".
1417		1419
1418		1420
1419	.. _ref-classes-kernel-grub:	1421	.. _ref-classes-kernel-grub:


diff --git a/documentation/ref-manual/ref-variables.rst b/documentation/ref-manual/ref-variables.rst index cf37703814..2d6719df11 100644 --- a/documentation/ref-manual/ref-variables.rst +++ b/documentation/ref-manual/ref-variables.rst
@@ -2585,13 +2585,36 @@ system and gives an overview of their function and contents.
2585	For guidance on how to create your own file permissions settings	2585	For guidance on how to create your own file permissions settings
2586	table file, examine the existing ``fs-perms.txt``.	2586	table file, examine the existing ``fs-perms.txt``.
2587		2587
		2588	FIT_GENERATE_KEYS
		2589	Decides whether to generate the keys for signing fitImage if they
		2590	don't already exist. The keys are created in ``UBOOT_SIGN_KEYDIR``.
		2591	The default value is 0.
		2592
2588	FIT_HASH_ALG	2593	FIT_HASH_ALG
2589	Specifies the hash algorithm used in creating the FIT Image. For e.g. sha256.	2594	Specifies the hash algorithm used in creating the FIT Image. For e.g. sha256.
2590		2595
		2596	FIT_KEY_GENRSA_ARGS
		2597	Arguments to openssl genrsa for generating RSA private key for signing
		2598	fitImage. The default value is "-F4". i.e. the public exponent 65537 to
		2599	use.
		2600
		2601	FIT_KEY_REQ_ARGS
		2602	Arguments to openssl req for generating certificate for signing fitImage.
		2603	The default value is "-batch -new". batch for non interactive mode
		2604	and new for generating new keys.
		2605
		2606	FIT_KEY_SIGN_PKCS
		2607	Format for public key ceritifcate used in signing fitImage.
		2608	The default value is "x509".
		2609
2591	FIT_SIGN_ALG	2610	FIT_SIGN_ALG
2592	Specifies the signature algorithm used in creating the FIT Image.	2611	Specifies the signature algorithm used in creating the FIT Image.
2593	For e.g. rsa2048.	2612	For e.g. rsa2048.
2594		2613
		2614	FIT_SIGN_NUMBITS
		2615	Size of private key in number of bits used in fitImage. The default
		2616	value is "2048".
		2617
2595	FONT_EXTRA_RDEPENDS	2618	FONT_EXTRA_RDEPENDS
2596	When inheriting the :ref:`fontcache <ref-classes-fontcache>` class,	2619	When inheriting the :ref:`fontcache <ref-classes-fontcache>` class,
2597	this variable specifies the runtime dependencies for font packages.	2620	this variable specifies the runtime dependencies for font packages.