From: Bastian Krause <bst@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bastian Krause <bst@pengutronix.de>
Subject: [ptxdist] [PATCH v2 03/15] ptxd_lib_imx_hab: fix srk fuse file and table generation
Date: Fri, 15 May 2020 16:26:29 +0200 [thread overview]
Message-ID: <20200515142641.812-4-bst@pengutronix.de> (raw)
In-Reply-To: <20200515142641.812-1-bst@pengutronix.de>
srktool's help text states "certificate filenames must be separated by
a ',' with no spaces". Line continuating using "\" with the next line
being indented leads to a space being inserted between the SRK2
certificate and the SRK3 certificate.
srktool does not fail, but ignores everything after the space silently.
Thus only the first two certicates end up in the fuse file and table.
Fix this by specifying all certs on a single line.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
scripts/lib/ptxd_lib_imx_hab.sh | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index 8be376ff1..034bf82b2 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -43,8 +43,7 @@ ptxd_make_imx_habv4_gen_table_impl() {
--table "${table_bin}" \
--efuses "${srk_fuse_bin}" \
--digest sha256 \
- --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,\
- ${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
+ --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
}
export -f ptxd_make_imx_habv4_gen_table_impl
--
2.26.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
next prev parent reply other threads:[~2020-05-15 14:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 14:26 [ptxdist] [PATCH v2 00/15] Fix/extend code signing infrastructure/consumers Bastian Krause
2020-05-15 14:26 ` [ptxdist] [PATCH v2 01/15] host-genimage: version bump 11 -> 13 Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 02/15] ptxd_lib_code_signing: return error string in cs_get_uri for make error case Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` Bastian Krause [this message]
2020-05-19 12:23 ` [ptxdist] [APPLIED] ptxd_lib_imx_hab: fix srk fuse file and table generation Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 04/15] ptxd_lib_code_signing: introduce CA helper Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 05/15] host-ptx-code-signing-dev: version bump 0.2 -> 0.4 Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 06/15] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 07/15] ptxd_lib_imx_hab/template-barebox-imx-habv4: make number of SRKs configurable Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 08/15] ptxd_make_fit_image: call mkimage with ptxd_exec Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 09/15] u-boot/ptxd_make_fit_image: avoid overriding object name Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 10/15] ptxd_make_fit_image: sign ramdisk if enabled Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 11/15] code-signing: move code-signing.in to platforms/ Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 12/15] code-signing: introduce for ptxconfig, add sanity check Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 13/15] rauc/image-rauc: use code signing infrastructure for key retrieval Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 14/15] image-rauc: enable keyring verification Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-05-15 14:26 ` [ptxdist] [PATCH v2 15/15] rauc: version bump 1.2 -> 1.3 Bastian Krause
2020-05-19 12:23 ` [ptxdist] [APPLIED] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200515142641.812-4-bst@pengutronix.de \
--to=bst@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox