From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: From: Bastian Krause Date: Fri, 15 May 2020 16:26:32 +0200 Message-Id: <20200515142641.812-7-bst@pengutronix.de> In-Reply-To: <20200515142641.812-1-bst@pengutronix.de> References: <20200515142641.812-1-bst@pengutronix.de> MIME-Version: 1.0 Subject: [ptxdist] [PATCH v2 06/15] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Bastian Krause Key providers now take care of calling the CA helpers. This makes sure the CA is already present in pem format. Use that instead of extracting and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer a dependency of template-barebox-imx-habv4. Note: requires ptx-code-signing-dev 0.4 or later Signed-off-by: Bastian Krause --- Changes since (implicit) v1: - clarify required version of ptx-code-signing-dev in commit message --- rules/templates/template-barebox-imx-habv4-in | 1 - scripts/lib/ptxd_lib_imx_hab.sh | 16 ++++++++-------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in index af3e59986..16258cbee 100644 --- a/rules/templates/template-barebox-imx-habv4-in +++ b/rules/templates/template-barebox-imx-habv4-in @@ -3,7 +3,6 @@ config BAREBOX_@PACKAGE@ tristate select CODE_SIGNING - select HOST_EXTRACT_CERT select HOST_IMX_CST prompt "Barebox (@package@)" help diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh index 034bf82b2..781c1b3f6 100644 --- a/scripts/lib/ptxd_lib_imx_hab.sh +++ b/scripts/lib/ptxd_lib_imx_hab.sh @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { local template="${1}" local table_bin="${pkg_build_dir}/imx-srk-table.bin" local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" + local -a certs echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" for i in 1 2 3 4; do - local t=$(printf "${template}" "${i}") - local uri=$(cs_get_uri "$t") + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" + done - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ - -out ${tmpdir}/srk${i}.pem || break - done && + local orig_IFS="${IFS}" + IFS="," + certs="${certs[*]}" + IFS="${orig_IFS}" ptxd_exec srktool --hab_ver 4 \ --table "${table_bin}" \ --efuses "${srk_fuse_bin}" \ --digest sha256 \ - --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem + --certs "${certs}" } export -f ptxd_make_imx_habv4_gen_table_impl -- 2.26.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de