commit 9a492d5e87935fa698b5729a35ab44fe0fc28069
author Fabio Utzig <utzig@apache.org> Wed Jan 15 11:31:52 2020 -0300
committer Fabio Utzig <utzig@utzig.org> Thu Jan 16 06:11:34 2020 -0300
tree 44d536b03043a0fc7bc4ad0f4a04e470bd332bc7
parent b976a4c0dcbf5b7bc0908e77a1301520f28813ae

imgtool: add better image overrun checks

This breaks the check() routine into two, one to check the header, one
to check the trailer. The reason is that header checking must be
performed when loading the input binary, while trailer overrun check
must be done after the whole image (with TLVs) is built.

To support the option of saving encrypted TLVs during swap in the
bootloader, a new parameters was added to the create command, to
allow the user to provide a config that matches the bootloader build
option and to do proper image overrun checks.

Signed-off-by: Fabio Utzig <utzig@apache.org>

scripts/imgtool/main.py

diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 61ed282..ba58bfd 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -204,6 +204,10 @@
               help='Adjust address in hex output file.')
 @click.option('-L', '--load-addr', type=BasedIntParamType(), required=False,
               help='Load address for image when it is in its primary slot.')
+@click.option('--save-enctlv', default=False, is_flag=True,
+              help='When upgrading, save encrypted key TLVs instead of plain '
+                   'keys. Enable when BOOT_SWAP_SAVE_ENCTLV config option '
+                   'was set.')
 @click.option('-E', '--encrypt', metavar='filename',
               help='Encrypt image using the provided public key')
 @click.option('-e', '--endian', type=click.Choice(['little', 'big']),
@@ -211,13 +215,15 @@
 @click.option('--overwrite-only', default=False, is_flag=True,
               help='Use overwrite-only instead of swap upgrades')
 @click.option('-M', '--max-sectors', type=int,
-              help='When padding allow for this amount of sectors (defaults to 128)')
+              help='When padding allow for this amount of sectors (defaults '
+                   'to 128)')
 @click.option('--pad', default=False, is_flag=True,
               help='Pad image to --slot-size bytes, adding trailer magic')
 @click.option('-S', '--slot-size', type=BasedIntParamType(), required=True,
               help='Size of the slot where the image will be written')
 @click.option('--pad-header', default=False, is_flag=True,
-              help='Add --header-size zeroed bytes at the beginning of the image')
+              help='Add --header-size zeroed bytes at the beginning of the '
+                   'image')
 @click.option('-H', '--header-size', callback=validate_header_size,
               type=BasedIntParamType(), required=True)
 @click.option('-d', '--dependencies', callback=get_dependencies,
@@ -232,12 +238,13 @@
                .hex extension, otherwise binary format is used''')
 def sign(key, align, version, header_size, pad_header, slot_size, pad,
          max_sectors, overwrite_only, endian, encrypt, infile, outfile,
-         dependencies, load_addr, hex_addr, erased_val):
+         dependencies, load_addr, hex_addr, erased_val, save_enctlv):
     img = image.Image(version=decode_version(version), header_size=header_size,
                       pad_header=pad_header, pad=pad, align=int(align),
                       slot_size=slot_size, max_sectors=max_sectors,
                       overwrite_only=overwrite_only, endian=endian,
-                      load_addr=load_addr, erased_val=erased_val)
+                      load_addr=load_addr, erased_val=erased_val,
+                      save_enctlv=save_enctlv)
     img.load(infile)
     key = load_key(key) if key else None
     enckey = load_key(encrypt) if encrypt else None