lib: rsa: add support to other openssl engine types than pkcs11

There are multiple other openssl engines used by HSMs that can be used to sign FIT images instead of forcing users to use pkcs11 type of service. Relax engine selection so that other openssl engines can be specified and use generic key id definition formula. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Cc: Tom Rini <trini@konsulko.com>
2025-09-01 00:32:04 +02:00 · 2019-06-16 20:53:38 +03:00
parent 0e80dda32c
commit 5b123e0109
3 changed files with 52 additions and 5 deletions
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -105,7 +105,7 @@ static void usage(const char *msg)
 		"          -F => re-sign existing FIT image\n"
 		"          -p => place external data at a static position\n"
 		"          -r => mark keys used as 'required' in dtb\n"
-		"          -N => engine to use for signing (pkcs11)\n");
+		"          -N => openssl engine to use for signing\n");
 #else
 	fprintf(stderr,
 		"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");