From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Date: Fri, 15 May 2020 12:37:58 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
Message-ID: <20200515103758.GB7220@pengutronix.de>
References: <20200514134300.16105-1-bst@pengutronix.de>
 <20200514134300.16105-6-bst@pengutronix.de>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20200514134300.16105-6-bst@pengutronix.de>
Subject: Re: [ptxdist] [PATCH 06/13]
 ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bastian Krause <bst@pengutronix.de>

On Thu, May 14, 2020 at 03:42:53PM +0200, Bastian Krause wrote:
> Key providers now take care of calling the CA helpers. This makes sure
> the CA is already present in pem format. Use that instead of extracting
> and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
> a dependency of template-barebox-imx-habv4.
> 
> Note: requires ptx-code-signing-dev > 0.3

"0.4 or later"

Michael

> Signed-off-by: Bastian Krause <bst@pengutronix.de>
> ---
>  rules/templates/template-barebox-imx-habv4-in |  1 -
>  scripts/lib/ptxd_lib_imx_hab.sh               | 16 ++++++++--------
>  2 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in
> index af3e59986..16258cbee 100644
> --- a/rules/templates/template-barebox-imx-habv4-in
> +++ b/rules/templates/template-barebox-imx-habv4-in
> @@ -3,7 +3,6 @@
>  config BAREBOX_@PACKAGE@
>  	tristate
>  	select CODE_SIGNING
> -	select HOST_EXTRACT_CERT
>  	select HOST_IMX_CST
>  	prompt "Barebox (@package@)"
>  	help
> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> index 034bf82b2..781c1b3f6 100644
> --- a/scripts/lib/ptxd_lib_imx_hab.sh
> +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() {
>      local template="${1}"
>      local table_bin="${pkg_build_dir}/imx-srk-table.bin"
>      local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> -    local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")"
> +    local -a certs
>  
>      echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
>  
>      for i in 1 2 3 4; do
> -	local t=$(printf "${template}" "${i}")
> -	local uri=$(cs_get_uri "$t")
> +	certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> +    done
>  
> -	ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der &&
> -	ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \
> -	    -out ${tmpdir}/srk${i}.pem || break
> -    done &&
> +    local orig_IFS="${IFS}"
> +    IFS=","
> +    certs="${certs[*]}"
> +    IFS="${orig_IFS}"
>  
>      ptxd_exec srktool --hab_ver 4 \
>  	--table "${table_bin}" \
>  	--efuses "${srk_fuse_bin}" \
>  	--digest sha256 \
> -	--certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
> +	--certs "${certs}"
>  }
>  export -f ptxd_make_imx_habv4_gen_table_impl
>  
> -- 
> 2.26.2
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de