From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Date: Fri, 15 May 2020 12:37:58 +0200 From: Michael Olbrich Message-ID: <20200515103758.GB7220@pengutronix.de> References: <20200514134300.16105-1-bst@pengutronix.de> <20200514134300.16105-6-bst@pengutronix.de> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200514134300.16105-6-bst@pengutronix.de> Subject: Re: [ptxdist] [PATCH 06/13] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Bastian Krause On Thu, May 14, 2020 at 03:42:53PM +0200, Bastian Krause wrote: > Key providers now take care of calling the CA helpers. This makes sure > the CA is already present in pem format. Use that instead of extracting > and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer > a dependency of template-barebox-imx-habv4. > > Note: requires ptx-code-signing-dev > 0.3 "0.4 or later" Michael > Signed-off-by: Bastian Krause > --- > rules/templates/template-barebox-imx-habv4-in | 1 - > scripts/lib/ptxd_lib_imx_hab.sh | 16 ++++++++-------- > 2 files changed, 8 insertions(+), 9 deletions(-) > > diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in > index af3e59986..16258cbee 100644 > --- a/rules/templates/template-barebox-imx-habv4-in > +++ b/rules/templates/template-barebox-imx-habv4-in > @@ -3,7 +3,6 @@ > config BAREBOX_@PACKAGE@ > tristate > select CODE_SIGNING > - select HOST_EXTRACT_CERT > select HOST_IMX_CST > prompt "Barebox (@package@)" > help > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh > index 034bf82b2..781c1b3f6 100644 > --- a/scripts/lib/ptxd_lib_imx_hab.sh > +++ b/scripts/lib/ptxd_lib_imx_hab.sh > @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { > local template="${1}" > local table_bin="${pkg_build_dir}/imx-srk-table.bin" > local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" > + local -a certs > > echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > for i in 1 2 3 4; do > - local t=$(printf "${template}" "${i}") > - local uri=$(cs_get_uri "$t") > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > + done > > - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && > - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ > - -out ${tmpdir}/srk${i}.pem || break > - done && > + local orig_IFS="${IFS}" > + IFS="," > + certs="${certs[*]}" > + IFS="${orig_IFS}" > > ptxd_exec srktool --hab_ver 4 \ > --table "${table_bin}" \ > --efuses "${srk_fuse_bin}" \ > --digest sha256 \ > - --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem > + --certs "${certs}" > } > export -f ptxd_make_imx_habv4_gen_table_impl > > -- > 2.26.2 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de