From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from pty.hi.pengutronix.de ([2001:67c:670:100:1d::c5] helo=[IPv6:::1]) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1jZYPx-00062D-6V for ptxdist@pengutronix.de; Fri, 15 May 2020 13:22:17 +0200 References: <20200514134300.16105-1-bst@pengutronix.de> <20200514134300.16105-6-bst@pengutronix.de> <20200515103758.GB7220@pengutronix.de> From: Bastian Krause Message-ID: <1b5c3d98-670a-d0f4-7d1b-bb07a1253aa8@pengutronix.de> Date: Fri, 15 May 2020 13:22:16 +0200 MIME-Version: 1.0 In-Reply-To: <20200515103758.GB7220@pengutronix.de> Content-Language: en-US Subject: Re: [ptxdist] [PATCH 06/13] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de On 5/15/20 12:37 PM, Michael Olbrich wrote: > On Thu, May 14, 2020 at 03:42:53PM +0200, Bastian Krause wrote: >> Key providers now take care of calling the CA helpers. This makes sure >> the CA is already present in pem format. Use that instead of extracting >> and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer >> a dependency of template-barebox-imx-habv4. >> >> Note: requires ptx-code-signing-dev > 0.3 > > "0.4 or later" Okay. Regards, Bastian > >> Signed-off-by: Bastian Krause >> --- >> rules/templates/template-barebox-imx-habv4-in | 1 - >> scripts/lib/ptxd_lib_imx_hab.sh | 16 ++++++++-------- >> 2 files changed, 8 insertions(+), 9 deletions(-) >> >> diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in >> index af3e59986..16258cbee 100644 >> --- a/rules/templates/template-barebox-imx-habv4-in >> +++ b/rules/templates/template-barebox-imx-habv4-in 
>> @@ -3,7 +3,6 @@ >> config BAREBOX_@PACKAGE@ >> tristate >> select CODE_SIGNING >> - select HOST_EXTRACT_CERT >> select HOST_IMX_CST >> prompt "Barebox (@package@)" >> help >> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh >> index 034bf82b2..781c1b3f6 100644 >> --- a/scripts/lib/ptxd_lib_imx_hab.sh >> +++ b/scripts/lib/ptxd_lib_imx_hab.sh >> @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { >> local template="${1}" >> local table_bin="${pkg_build_dir}/imx-srk-table.bin" >> local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" >> - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" >> + local -a certs >> >> echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" >> >> for i in 1 2 3 4; do >> - local t=$(printf "${template}" "${i}") >> - local uri=$(cs_get_uri "$t") >> + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" >> + done >> >> - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && >> - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ >> - -out ${tmpdir}/srk${i}.pem || break >> - done && >> + local orig_IFS="${IFS}" >> + IFS="," >> + certs="${certs[*]}" >> + IFS="${orig_IFS}" >> >> ptxd_exec srktool --hab_ver 4 \ >> --table "${table_bin}" \ >> --efuses "${srk_fuse_bin}" \ >> --digest sha256 \ >> - --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem >> + --certs "${certs}" >> } >> export -f ptxd_make_imx_habv4_gen_table_impl >> >> -- >> 2.26.2 >> >> >> _______________________________________________ >> ptxdist mailing list >> ptxdist@pengutronix.de >> > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
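Review bot: In the rules/templates/template-barebox-imx-habv4-in hunk, removing `select HOST_EXTRACT_CERT` leaves nothing in the Kconfig entry that reflects the requirement the commit message introduces (ptx-code-signing-dev 0.4 or later, which provides `cs_get_ca`). `select CODE_SIGNING` alone does not tell a user with an older provider why the SRK table generation fails. If the version cannot be expressed as a dependency here, a sentence in the `help` text or an explicit check for the `cs_get_ca` helper before the loop in ptxd_lib_imx_hab.sh would make the failure easier to understand.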
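Review bot: In the scripts/lib/ptxd_lib_imx_hab.sh hunk, the new `for i in 1 2 3 4` loop drops the error handling the old loop had (`|| break` and `done &&`), so a failing `cs_get_ca` or an empty result is not checked and `srktool` still runs with whatever ended up in `--certs`. Since this function produces imx-srk-table.bin and imx-srk-fuse.bin, it should stop on the first missing CA, for example by appending `|| return` to the array assignment and rejecting an empty value before `srktool` is called. A smaller point in the same hunk: `certs="${certs[*]}"` assigns the joined string to element 0 of the array declared with `local -a certs`, and `"${certs}"` then reads element 0 back. That works, but a separate scalar for the comma-joined list would make the intent clear and avoid reusing the array name for two purposes.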