[2/2] incubator-mynewt-core git commit: Change image signing info to be .md file instead of .txt.

[ma...@apache.org]

Change image signing info to be .md file instead of .txt.


Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/ecdfa610
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/ecdfa610
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/ecdfa610

Branch: refs/heads/develop
Commit: ecdfa6108d9fbe06c5c8cdbcff72c060923eba78
Parents: e972862
Author: Marko Kiiskila <ma...@runtime.io>
Authored: Tue Apr 5 10:46:29 2016 -0700
Committer: Marko Kiiskila <ma...@runtime.io>
Committed: Tue Apr 5 10:46:29 2016 -0700

----------------------------------------------------------------------
 libs/bootutil/signed_images.md  | 83 ++++++++++++++++++++++++++++++++++++
 libs/bootutil/signed_images.txt | 57 -------------------------
 2 files changed, 83 insertions(+), 57 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/ecdfa610/libs/bootutil/signed_images.md
----------------------------------------------------------------------
diff --git a/libs/bootutil/signed_images.md b/libs/bootutil/signed_images.md
new file mode 100644
index 0000000..58676aa
--- /dev/null
+++ b/libs/bootutil/signed_images.md
@@ -0,0 +1,83 @@
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+-->
+
+## Image signing
+
+This signs the image by computing hash over the image, and then
+signing that hash. Signature is computed by newt tool when it's
+creating the image. This signature is placed in the image trailer.
+
+The public key of this keypair must be included in the bootloader,
+as it verifies it before allowing the image to run.
+
+This facility allows you to use multiple signing keys. This would
+be useful when you want to prevent production units from booting
+development images, but want development units to be able to boot
+both production images and development images.
+
+## Creating signing keys
+First you need a keypair to use for signing. You can create
+one with openssl command line tool.
+
+openssl genrsa -out image_sign.pem 2048
+
+This created a file which contains both the private and public key,
+and will be used when signing images.
+
+Then you need to extract the public key from this to include it
+in the bootloader. Bootloader need to keep key parsing minimal,
+so it expects simple key format.
+
+openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSAPublicKey_out
+
+Now the public key is in file called image_sign_pub.der.
+
+xxd -i image_sign_pub.der image_sign_pub.c
+
+Then you need to create a package containing this key, or keys.
+In the pkg.yml for this package, you advertise feature IMAGE_KEYS.
+Once this is done, bootloader will expect keys to be filled in
+'bootutil_keys', and the number of keys to be in 'bootutil_key_cnt'.
+
+## Sample pkg.yml
+This gets bootutil to turn on image signature validation.
+
+pkg.name: libs/mykeys
+pkg.deps:
+    - libs/bootutil
+pkg.features.bootloader:
+    - IMAGE_KEYS
+
+## Sample source file
+This exports the keys.
+
+#include <bootutil/sign_key.h>
+
+#include "image_sign_pub.c"
+
+const struct bootutil_key bootutil_keys[] = {
+    [0] = {
+        .key = image_sign_pub_der2,
+        .len = &image_sign_pub_der2_len,
+    }
+};
+
+const int bootutil_key_cnt = sizeof(bootutil_keys) / sizeof(bootutil_keys[0]);

http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/ecdfa610/libs/bootutil/signed_images.txt
----------------------------------------------------------------------
diff --git a/libs/bootutil/signed_images.txt b/libs/bootutil/signed_images.txt
deleted file mode 100644
index 460c240..0000000
--- a/libs/bootutil/signed_images.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-Image signing
-
-This signs the image by computing hash over the image, and then
-signing that hash. Signature is computed by newt tool when it's
-creating the image. This signature is placed in the image trailer.
-
-The public key of this keypair must be included in the bootloader,
-as it verifies it before allowing the image to run.
-
-This facility allows you to use multiple signing keys. This would
-be useful when you want to prevent production units from booting
-development images, but want development units to be able to boot
-both production images and development images.
-
-First you need a keypair to use for signing. You can create
-one with openssl command line tool.
-
-openssl genrsa -out image_sign.pem 2048
-
-This created a file which contains both the private and public key,
-and will be used when signing images.
-
-Then you need to extract the public key from this to include it
-in the bootloader. Bootloader need to keep key parsing minimal,
-so it expects simple key format.
-
-openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSAPublicKey_out
-
-Now the public key is in file called image_sign_pub.der.
-
-xxd -i image_sign_pub.der image_sign_pub.c
-
-Then you need to create a package containing this key, or keys.
-In the pkg.yml for this package, you advertise feature IMAGE_KEYS.
-Once this is done, bootloader will expect keys to be filled in
-'bootutil_keys', and the number of keys to be in 'bootutil_key_cnt'.
-
-Here is sample pkg.yml:
-pkg.name: libs/mykeys
-pkg.deps:
-    - libs/bootutil
-pkg.features.bootloader:
-    - IMAGE_KEYS
-
-And sample source file which includes the keys:
-#include <bootutil/sign_key.h>
-
-#include "image_sign_pub.c"
-
-const struct bootutil_key bootutil_keys[] = {
-    [0] = {
-        .key = image_sign_pub_der2,
-        .len = &image_sign_pub_der2_len,
-    }
-};
-
-const int bootutil_key_cnt = sizeof(bootutil_keys) / sizeof(bootutil_keys[0]);