package/uboot-tools: add option to install fit_check_sign

This commit adds an option to install fit_check_sign to target for fit
image validation.

This will allow a fit image to have its signature and hashes validated
from Linux, assuming a device-tree of keys (the same as which is in
u-boot) is available.

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/uboot-tools/Config.in

@@ -47,6 +47,15 @@ config BR2_PACKAGE_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT
 	  libcrypto, and possibly GPL/OpenSSL licensing
 	  incompatibility issues.
 
+config BR2_PACKAGE_UBOOT_TOOLS_FIT_CHECK_SIGN
+	bool "fit_check_sign"
+	depends on BR2_PACKAGE_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT
+	help
+	  Install the fit_check_sign tool on the target system
+
+	  The fit_check_sign tool from Das U-Boot bootloader, which
+	  allows FIT image signature validation on target system.
+
 endif
 
 config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE

package/uboot-tools/uboot-tools.mk

@@ -32,6 +32,12 @@ UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT_SIGNATURE=y CONFIG_FIT_SIGNATURE_MAX_SIZE=0x
 UBOOT_TOOLS_DEPENDENCIES += openssl host-pkgconf
 endif
 
+ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_FIT_CHECK_SIGN),y)
+define UBOOT_TOOLS_INSTALL_FIT_CHECK_SIGN
+	$(INSTALL) -m 0755 -D $(@D)/tools/fit_check_sign $(TARGET_DIR)/usr/bin/fit_check_sign
+endef
+endif
+
 define UBOOT_TOOLS_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(UBOOT_TOOLS_MAKE_OPTS) \
 		CROSS_BUILD_TOOLS=y tools-only
@@ -74,6 +80,7 @@ define UBOOT_TOOLS_INSTALL_TARGET_CMDS
 	$(UBOOT_TOOLS_INSTALL_MKENVIMAGE)
 	$(UBOOT_TOOLS_INSTALL_FWPRINTENV)
 	$(UBOOT_TOOLS_INSTALL_DUMPIMAGE)
+	$(UBOOT_TOOLS_INSTALL_FIT_CHECK_SIGN)
 endef
 
 define HOST_UBOOT_TOOLS_CONFIGURE_CMDS