Skip to content

Commit 7949e3f

Browse files
meremSTmeremST
committed
imgtool: add key password support
Imgtool can sign a binary for multiple boards, which requires the use of multiple key pairs. To simplify the automation of this process, a key password argument is added. Signed-off-by: Maxime Méré <[email protected]>
1 parent 461e060 commit 7949e3f

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

scripts/imgtool/main.py

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -99,14 +99,16 @@ def save_signature(sigfile, sig):
9999
f.write(signature)
100100

101101

102-
def load_key(keyfile):
102+
def load_key(keyfile, passwd=None):
103103
# TODO: better handling of invalid pass-phrase
104104
key = keys.load(keyfile)
105105
if key is not None:
106106
return key
107-
passwd = getpass.getpass("Enter key passphrase: ").encode('utf-8')
108-
return keys.load(keyfile, passwd)
109107

108+
if passwd is None:
109+
passwd = getpass.getpass("Enter key passphrase: ")
110+
111+
return keys.load(keyfile, passwd.encode('utf-8'))
110112

111113
def get_password():
112114
while True:
@@ -423,6 +425,7 @@ def convert(self, value, param, ctx):
423425
default='hash', help='In what format to add the public key to '
424426
'the image manifest: full key or hash of the key.')
425427
@click.option('-k', '--key', metavar='filename')
428+
@click.option('--key-pswd', required=False, help='Password for the key file')
426429
@click.option('--fix-sig', metavar='filename',
427430
help='fixed signature for the image. It will be used instead of '
428431
'the signature calculated using the public key')
@@ -447,7 +450,7 @@ def convert(self, value, param, ctx):
447450
@click.command(help='''Create a signed or unsigned image\n
448451
INFILE and OUTFILE are parsed as Intel HEX if the params have
449452
.hex extension, otherwise binary format is used''')
450-
def sign(key, public_key_format, align, version, pad_sig, header_size,
453+
def sign(key, key_pswd, public_key_format, align, version, pad_sig, header_size,
451454
pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
452455
endian, encrypt_keylen, encrypt, compression, infile, outfile,
453456
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
@@ -469,7 +472,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
469472
non_bootable=non_bootable)
470473
compression_tlvs = {}
471474
img.load(infile)
472-
key = load_key(key) if key else None
475+
key = load_key(key, passwd=key_pswd) if key else None
473476
enckey = load_key(encrypt) if encrypt else None
474477
if enckey and key:
475478
if ((isinstance(key, keys.ECDSA256P1) and

0 commit comments

Comments
 (0)