Update Zephyr image signing instructions
Remove the obsolete `sign.sh` script, and fixup the documentation to
refer to the new tooling.
Fixes #245.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/docs/readme-zephyr.md b/docs/readme-zephyr.md
index 148e93f..b154edd 100644
--- a/docs/readme-zephyr.md
+++ b/docs/readme-zephyr.md
@@ -93,8 +93,8 @@
production, since the private key is publicly available in this
repository. See below on how to make your own signatures.
-There is a `sign.sh` script that gives some examples of how to make
-these signatures.
+Images can be signed with the `scripts/imgtool.py` script. It is best
+to look at `samples/zephyr/Makefile` for examples on how to use this.
### Flashing the application
@@ -116,11 +116,9 @@
The signing keys used by MCUboot are represented in standard formats,
and can be generated and processed using conventional tools. However,
-the Mynewt project has developed some tools to make this easier, and
-the `imgtool` directory contains a small program to use these tools,
-as well as some additional tools for generating and extracting public
-keys. If you will be using your own keys, it is recommended to build
-this tool following the directions within the directory.
+`scripts/imgtool.py` is able to generate key pairs in all of the
+supported formats. See [the docs](imgtool.md) for more details on
+this tool.
### Generating a new keypair
@@ -128,11 +126,11 @@
subcommand:
```
- $ imgtool keygen -k mykey.pem -t rsa-2048
+ $ ./scripts/imgtool.py keygen -k mykey.pem -t rsa-2048
```
The argument to `-t` should be the desired key type. See the
-imgtool README.rst for more details on the possible key types.
+[the docs](imgtool.md) for more details on the possible key types.
### Extracting the public key
@@ -142,7 +140,7 @@
extracted using imgtool:
```
- $ imgtool getpub -k mykey.pem
+ $ ./scripts/imgtool.py getpub -k mykey.pem
```
This will output the public key as a C array that can be dropped
diff --git a/sign.sh b/sign.sh
deleted file mode 100755
index 5c9989e..0000000
--- a/sign.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#! /bin/sh
-
-# This script can be used as an example of how to sign images.
-
-source $(dirname $0)/target.sh
-
-# RSA signatures can be made with the signing script in the scripts
-# directory.
-if true; then
- ./scripts/zep2newt.py \
- --bin ../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
- --key root.pem \
- --sig RSA \
- --out shell.signed.bin \
- --vtoff 0x200 \
- --word-size 8 \
- --image-version 3 \
- --bit --pad 0x20000
-
- ./scripts/zep2newt.py \
- --bin ../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
- --key root.pem \
- --sig RSA \
- --vtoff 0x200 \
- --word-size 8 \
- --image-version 2 \
- --out hello.signed.bin
-fi
-
-# Currently, ECDSA signatures need to be made with the imgtool. See
-# 'imgtool' for instructions on building the tool.
-if false; then
- imgtool sign \
- --key root_ec.pem \
- --header-size 0x200 \
- --version 3.0 \
- --align 8 \
- --pad 0x20000 \
- ../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
- shell.signed.bin
-
- imgtool sign \
- --key root_ec.pem \
- --header-size 0x200 \
- --version 3.0 \
- ../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
- hello.signed.bin
-fi