From: Bastian Krause <bst@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bastian Krause <bst@pengutronix.de>
Subject: [ptxdist] [PATCH 06/13] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper
Date: Thu, 14 May 2020 15:42:53 +0200 [thread overview]
Message-ID: <20200514134300.16105-6-bst@pengutronix.de> (raw)
In-Reply-To: <20200514134300.16105-1-bst@pengutronix.de>
Key providers now take care of calling the CA helpers. This makes sure
the CA is already present in pem format. Use that instead of extracting
and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
a dependency of template-barebox-imx-habv4.
Note: requires ptx-code-signing-dev > 0.3
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
rules/templates/template-barebox-imx-habv4-in | 1 -
scripts/lib/ptxd_lib_imx_hab.sh | 16 ++++++++--------
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in
index af3e59986..16258cbee 100644
--- a/rules/templates/template-barebox-imx-habv4-in
+++ b/rules/templates/template-barebox-imx-habv4-in
@@ -3,7 +3,6 @@
config BAREBOX_@PACKAGE@
tristate
select CODE_SIGNING
- select HOST_EXTRACT_CERT
select HOST_IMX_CST
prompt "Barebox (@package@)"
help
diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index 034bf82b2..781c1b3f6 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() {
local template="${1}"
local table_bin="${pkg_build_dir}/imx-srk-table.bin"
local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
- local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")"
+ local -a certs
echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
for i in 1 2 3 4; do
- local t=$(printf "${template}" "${i}")
- local uri=$(cs_get_uri "$t")
+ certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
+ done
- ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der &&
- ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \
- -out ${tmpdir}/srk${i}.pem || break
- done &&
+ local orig_IFS="${IFS}"
+ IFS=","
+ certs="${certs[*]}"
+ IFS="${orig_IFS}"
ptxd_exec srktool --hab_ver 4 \
--table "${table_bin}" \
--efuses "${srk_fuse_bin}" \
--digest sha256 \
- --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
+ --certs "${certs}"
}
export -f ptxd_make_imx_habv4_gen_table_impl
--
2.26.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
next prev parent reply other threads:[~2020-05-14 13:42 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 13:42 [ptxdist] [PATCH 01/13] host-genimage: version bump 11 -> 13 Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 02/13] ptxd_lib_code_signing: return error string in cs_get_uri for make error case Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 03/13] ptxd_lib_imx_hab: fix srk fuse file and table generation Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 04/13] ptxd_lib_code_signing: introduce CA helper Bastian Krause
2020-05-15 10:36 ` Michael Olbrich
2020-05-15 11:21 ` Bastian Krause
2020-05-15 11:41 ` Jan Lübbe
2020-05-14 13:42 ` [ptxdist] [PATCH 05/13] host-ptx-code-signing-dev: version bump 0.2 -> 0.4 Bastian Krause
2020-05-14 16:00 ` Bastian Krause
2020-05-14 13:42 ` Bastian Krause [this message]
2020-05-15 10:37 ` [ptxdist] [PATCH 06/13] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper Michael Olbrich
2020-05-15 11:22 ` Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 07/13] ptxd_lib_imx_hab/template-barebox-imx-habv4: make number of SRKs configurable Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 08/13] ptxd_make_fit_image: call mkimage with ptxd_exec Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 09/13] u-boot/ptxd_make_fit_image: avoid overriding object name Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 10/13] rauc/image-rauc: use code signing infrastructure for key retrieval Bastian Krause
2020-05-15 10:40 ` Michael Olbrich
2020-05-15 11:23 ` Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 11/13] image-rauc: enable keyring verification Bastian Krause
2020-05-15 7:58 ` Michael Olbrich
2020-05-15 11:23 ` Bastian Krause
2020-05-14 13:42 ` [ptxdist] [PATCH 12/13] code-signing: move code-signing.in to platforms/ Bastian Krause
2020-05-14 13:43 ` [ptxdist] [PATCH 13/13] code-signing: introduce for ptxconfig, add sanity check Bastian Krause
2020-05-14 15:36 ` Bastian Krause
2020-05-15 7:55 ` Michael Olbrich
2020-05-15 11:24 ` Bastian Krause
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200514134300.16105-6-bst@pengutronix.de \
--to=bst@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox