* [ptxdist] [PATCH 1/3] ptxd_lib_code_signing: introduce code signing groups
@ 2021-04-12 16:18 Marc Kleine-Budde
2021-04-12 16:18 ` [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk Marc Kleine-Budde
2021-04-12 16:19 ` [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing Marc Kleine-Budde
0 siblings, 2 replies; 6+ messages in thread
From: Marc Kleine-Budde @ 2021-04-12 16:18 UTC (permalink / raw)
To: ptxdist; +Cc: Marc Kleine-Budde
This patch introduces code signing groups.
A code signing group consists of one or more rolls. It should be used
where more than one role is needed, but the exact names and/or number of
rolls depend on the used code signing provider.
For example the generation of the imx HABv4 fuse table. It can use 1...4
SRK keys as input. If the signing provider is a HSM the current
mechanism with continuous numbered URI may not work, code signing groups
for the rescue.
To make use of code signing groups, define roles as usual:
| r="imx-habv4-srk1"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 0"
| cs_append_ca_from_uri "${r}"
|
| r="imx-habv4-srk2"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 1"
| cs_append_ca_from_uri "${r}"
Now define a group and add the roles to the group:
| g="imx-habv4-srk"
| cs_define_group "${g}"
| cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
Use the function cs_group_get_roles to get the roles of a group. In a
later patch the function ptxd_make_imx_habv4_gen_table() is converted to
make use $(cs_group_get_roles imx-habv4-srk) to get the groups of the
imx-habv4-srk role.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
---
scripts/lib/ptxd_lib_code_signing.sh | 45 ++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
index 3e1654bb36e4..ba38a8edd12d 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -99,6 +99,51 @@ cs_define_role() {
}
export -f cs_define_role
+#
+# cs_define_group <group>
+#
+# Define a new key group.
+#
+cs_define_group() {
+ local group="${1}"
+ cs_init_variables
+
+ mkdir -p "${keydir}/${group}.group" &&
+ rm -f "${keydir}/${group}.group/roles"
+}
+export -f cs_define_group
+
+#
+# cs_group_add_roles <group> <role> ... <role>
+#
+# Set the roles for a group
+#
+cs_group_add_roles() {
+ local group="${1}"
+ shift
+ cs_init_variables
+
+ local orig_IFS="${IFS}"
+ IFS="
+"
+ echo "${*}" >> "${keydir}/${group}.group/roles" &&
+ IFS=${orig_IFS}
+}
+export -f cs_group_add_roles
+
+#
+# cs_group_get_roles <group>
+#
+# Gets the roles of a group
+#
+cs_group_get_roles() {
+ local group="${1}"
+ cs_init_variables
+
+ cat "${keydir}/${group}.group/roles"
+}
+export -f cs_group_get_roles
+
#
# cs_set_uri <role> <uri>
#
--
2.30.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread* [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk 2021-04-12 16:18 [ptxdist] [PATCH 1/3] ptxd_lib_code_signing: introduce code signing groups Marc Kleine-Budde @ 2021-04-12 16:18 ` Marc Kleine-Budde 2021-04-23 6:07 ` Michael Olbrich 2021-04-12 16:19 ` [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing Marc Kleine-Budde 1 sibling, 1 reply; 6+ messages in thread From: Marc Kleine-Budde @ 2021-04-12 16:18 UTC (permalink / raw) To: ptxdist; +Cc: Marc Kleine-Budde This patch converts barebox and the barebox template to make use of code signing groups as introduced in the previous patch. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> --- .../ptxdist-set-keys-hsm.sh | 6 ++- .../templates/template-barebox-imx-habv4-make | 2 +- scripts/lib/ptxd_lib_imx_hab.sh | 44 ++++++++++++++----- 3 files changed, 39 insertions(+), 13 deletions(-) diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh index bcd531d69572..b94eff049eac 100755 --- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh +++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh @@ -18,7 +18,7 @@ set_rauc_keys() { } set_imx_habv4_keys() { - local r + local r g # HSM use case, assuming it contains only 1st CSF/IMG key for i in 1 2 3 4; do @@ -28,6 +28,10 @@ set_imx_habv4_keys() { cs_append_ca_from_uri "${r}" done + g="imx-habv4-srk" + cs_define_group "${g}" + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4" + r="imx-habv4-csf1" cs_define_role ${r} cs_set_uri "${r}" "pkcs11:token=foo;object=csf1" diff --git a/rules/templates/template-barebox-imx-habv4-make b/rules/templates/template-barebox-imx-habv4-make index eb752c8349d9..cc825dc90292 100644 --- a/rules/templates/template-barebox-imx-habv4-make +++ b/rules/templates/template-barebox-imx-habv4-make @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile: @$(call targetinfo) @$(call world/env, BAREBOX_@PACKAGE@) \ - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4 + ptxd_make_imx_habv4_gen_table imx-habv4-srk @$(call world/compile, BAREBOX_@PACKAGE@) diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh index d1e2aba99fab..f6f81834d0e7 100644 --- a/scripts/lib/ptxd_lib_imx_hab.sh +++ b/scripts/lib/ptxd_lib_imx_hab.sh @@ -9,7 +9,9 @@ # # ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table for i.MX HABv4 # -# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>] +# usage: ptxd_make_imx_habv4_gen_table <role group>|<template> [<srk_count>] +# +# role group: the group that specified all roles to access the keys # # template: the role template to access the keys. Must contain a "%d" which is # used as index @@ -25,25 +27,45 @@ # This will contain the srk hash which must be written to the fuses # ptxd_make_imx_habv4_gen_table_impl() { + local group="${1}" local template="${1}" local srk_count="${2}" local table_bin="${pkg_build_dir}/imx-srk-table.bin" local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" local -a certs + local i - if [ -z "${srk_count}" ]; then - srk_count=4 - fi + case "${template}" in + *%d*) # <template> [<srk_count>] + if [ -z "${srk_count}" ]; then + srk_count=4 + fi - if [ "${srk_count}" -gt 4 ]; then - ptxd_bailout "HABv4 allows only 4 certificates" - fi + if [ "${srk_count}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" + for i in $(seq ${srk_count}); do + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" + done + ;; + *) # <role group> + local -a roles=( $(cs_group_get_roles "${group}") ) + + if [ "${#roles[@]}" -eq 0 ]; then + ptxd_bailout "Failed to get roles for group '${group}'" + fi - for i in $(seq ${srk_count}); do - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" - done + if [ "${#roles[@]}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi + + for i in "${roles[@]}"; do + certs[${#certs[*]}]="$(cs_get_ca "${i}")" + done + esac + + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" local orig_IFS="${IFS}" IFS="," -- 2.30.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk 2021-04-12 16:18 ` [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk Marc Kleine-Budde @ 2021-04-23 6:07 ` Michael Olbrich 2021-04-26 10:25 ` Roland Hieber 0 siblings, 1 reply; 6+ messages in thread From: Michael Olbrich @ 2021-04-23 6:07 UTC (permalink / raw) To: ptxdist; +Cc: Marc Kleine-Budde On Mon, Apr 12, 2021 at 06:18:59PM +0200, Marc Kleine-Budde wrote: > This patch converts barebox and the barebox template to make use of code > signing groups as introduced in the previous patch. > > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > --- > .../ptxdist-set-keys-hsm.sh | 6 ++- > .../templates/template-barebox-imx-habv4-make | 2 +- > scripts/lib/ptxd_lib_imx_hab.sh | 44 ++++++++++++++----- > 3 files changed, 39 insertions(+), 13 deletions(-) > > diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > index bcd531d69572..b94eff049eac 100755 > --- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > +++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > @@ -18,7 +18,7 @@ set_rauc_keys() { > } > > set_imx_habv4_keys() { > - local r > + local r g > > # HSM use case, assuming it contains only 1st CSF/IMG key > for i in 1 2 3 4; do > @@ -28,6 +28,10 @@ set_imx_habv4_keys() { > cs_append_ca_from_uri "${r}" > done > > + g="imx-habv4-srk" > + cs_define_group "${g}" > + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4" > + > r="imx-habv4-csf1" > cs_define_role ${r} > cs_set_uri "${r}" "pkcs11:token=foo;object=csf1" > diff --git a/rules/templates/template-barebox-imx-habv4-make b/rules/templates/template-barebox-imx-habv4-make > index eb752c8349d9..cc825dc90292 100644 > --- a/rules/templates/template-barebox-imx-habv4-make > +++ b/rules/templates/template-barebox-imx-habv4-make > @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile: > @$(call targetinfo) > > @$(call world/env, BAREBOX_@PACKAGE@) \ > - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4 > + ptxd_make_imx_habv4_gen_table imx-habv4-srk For this to work with the devel provider, host-ptx-code-signing-dev must be updated to create this group. I needs the same changes that you made to the code-signing-provider template above, right? Can you please add that and provide a new version for the PTXdist package? Michael > > @$(call world/compile, BAREBOX_@PACKAGE@) > > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh > index d1e2aba99fab..f6f81834d0e7 100644 > --- a/scripts/lib/ptxd_lib_imx_hab.sh > +++ b/scripts/lib/ptxd_lib_imx_hab.sh > @@ -9,7 +9,9 @@ > # > # ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table for i.MX HABv4 > # > -# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>] > +# usage: ptxd_make_imx_habv4_gen_table <role group>|<template> [<srk_count>] > +# > +# role group: the group that specified all roles to access the keys > # > # template: the role template to access the keys. Must contain a "%d" which is > # used as index > @@ -25,25 +27,45 @@ > # This will contain the srk hash which must be written to the fuses > # > ptxd_make_imx_habv4_gen_table_impl() { > + local group="${1}" > local template="${1}" > local srk_count="${2}" > local table_bin="${pkg_build_dir}/imx-srk-table.bin" > local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > local -a certs > + local i > > - if [ -z "${srk_count}" ]; then > - srk_count=4 > - fi > + case "${template}" in > + *%d*) # <template> [<srk_count>] > + if [ -z "${srk_count}" ]; then > + srk_count=4 > + fi > > - if [ "${srk_count}" -gt 4 ]; then > - ptxd_bailout "HABv4 allows only 4 certificates" > - fi > + if [ "${srk_count}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > + for i in $(seq ${srk_count}); do > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > + done > + ;; > + *) # <role group> > + local -a roles=( $(cs_group_get_roles "${group}") ) > + > + if [ "${#roles[@]}" -eq 0 ]; then > + ptxd_bailout "Failed to get roles for group '${group}'" > + fi > > - for i in $(seq ${srk_count}); do > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > - done > + if [ "${#roles[@]}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > + > + for i in "${roles[@]}"; do > + certs[${#certs[*]}]="$(cs_get_ca "${i}")" > + done > + esac > + > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > local orig_IFS="${IFS}" > IFS="," > -- > 2.30.2 > > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk 2021-04-23 6:07 ` Michael Olbrich @ 2021-04-26 10:25 ` Roland Hieber 0 siblings, 0 replies; 6+ messages in thread From: Roland Hieber @ 2021-04-26 10:25 UTC (permalink / raw) To: ptxdist, Marc Kleine-Budde On Fri, Apr 23, 2021 at 08:07:50AM +0200, Michael Olbrich wrote: > On Mon, Apr 12, 2021 at 06:18:59PM +0200, Marc Kleine-Budde wrote: > > This patch converts barebox and the barebox template to make use of code > > signing groups as introduced in the previous patch. > > > > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > > --- > > .../ptxdist-set-keys-hsm.sh | 6 ++- > > .../templates/template-barebox-imx-habv4-make | 2 +- > > scripts/lib/ptxd_lib_imx_hab.sh | 44 ++++++++++++++----- > > 3 files changed, 39 insertions(+), 13 deletions(-) > > > > diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > > index bcd531d69572..b94eff049eac 100755 > > --- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > > +++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh > > @@ -18,7 +18,7 @@ set_rauc_keys() { > > } > > > > set_imx_habv4_keys() { > > - local r > > + local r g > > > > # HSM use case, assuming it contains only 1st CSF/IMG key > > for i in 1 2 3 4; do > > @@ -28,6 +28,10 @@ set_imx_habv4_keys() { > > cs_append_ca_from_uri "${r}" > > done > > > > + g="imx-habv4-srk" > > + cs_define_group "${g}" > > + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4" > > + > > r="imx-habv4-csf1" > > cs_define_role ${r} > > cs_set_uri "${r}" "pkcs11:token=foo;object=csf1" > > diff --git a/rules/templates/template-barebox-imx-habv4-make b/rules/templates/template-barebox-imx-habv4-make > > index eb752c8349d9..cc825dc90292 100644 > > --- a/rules/templates/template-barebox-imx-habv4-make > > +++ b/rules/templates/template-barebox-imx-habv4-make > > @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile: > > @$(call targetinfo) > > > > @$(call world/env, BAREBOX_@PACKAGE@) \ > > - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4 > > + ptxd_make_imx_habv4_gen_table imx-habv4-srk > > For this to work with the devel provider, host-ptx-code-signing-dev must be > updated to create this group. I needs the same changes that you made to the > code-signing-provider template above, right? > Can you please add that and provide a new version for the PTXdist package? And could you also add a bit of trivial documentation to doc/dev_code_signing.rst so people see that it exists? - Roland -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing 2021-04-12 16:18 [ptxdist] [PATCH 1/3] ptxd_lib_code_signing: introduce code signing groups Marc Kleine-Budde 2021-04-12 16:18 ` [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk Marc Kleine-Budde @ 2021-04-12 16:19 ` Marc Kleine-Budde 2021-04-23 6:33 ` Michael Olbrich 1 sibling, 1 reply; 6+ messages in thread From: Marc Kleine-Budde @ 2021-04-12 16:19 UTC (permalink / raw) To: ptxdist; +Cc: Marc Kleine-Budde This patch changes cs_get_ca() to only output the CA if it actually exists. This makes it possible to use make's $(if ...) conditional. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> --- scripts/lib/ptxd_lib_code_signing.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index ba38a8edd12d..ff0eca16859c 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -288,7 +288,11 @@ cs_get_ca() { local role="${1}" cs_init_variables - echo "${keydir}/${role}/ca.pem" + local ca="${keydir}/${role}/ca.pem" + + if [ -e "${ca}" ]; then + echo "${ca}" + fi } export -f cs_get_ca -- 2.30.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing 2021-04-12 16:19 ` [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing Marc Kleine-Budde @ 2021-04-23 6:33 ` Michael Olbrich 0 siblings, 0 replies; 6+ messages in thread From: Michael Olbrich @ 2021-04-23 6:33 UTC (permalink / raw) To: ptxdist; +Cc: Marc Kleine-Budde On Mon, Apr 12, 2021 at 06:19:00PM +0200, Marc Kleine-Budde wrote: > This patch changes cs_get_ca() to only output the CA if it actually > exists. This makes it possible to use make's $(if ...) conditional. > > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > --- > scripts/lib/ptxd_lib_code_signing.sh | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh > index ba38a8edd12d..ff0eca16859c 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh > @@ -288,7 +288,11 @@ cs_get_ca() { > local role="${1}" > cs_init_variables > > - echo "${keydir}/${role}/ca.pem" > + local ca="${keydir}/${role}/ca.pem" > + > + if [ -e "${ca}" ]; then > + echo "${ca}" > + fi So, I know we talked about this, and I suggested this solution. But after thinking about this a bit more, I think it's a bit fragile: It causes silent problems if this is evaluated too early. I don't quite remember the use-case, but maybe we can add the following here: if [ ! -d "${keydir}" ]; then echo ERROR_CA_NOT_YET_SET fi Similar to what we do for URIs. So if it's evaluated in make with ':=' then we always get this string. If some tool tries to use this as a filename it should be clearer what's wrong here. And with the '$(if ..)' case, you get false positives (and that will probably fail later because there is no ca) and no false negatives that may do the wrong thing silently. Michael > } > export -f cs_get_ca > > -- > 2.30.2 > > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-04-26 10:26 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-04-12 16:18 [ptxdist] [PATCH 1/3] ptxd_lib_code_signing: introduce code signing groups Marc Kleine-Budde 2021-04-12 16:18 ` [ptxdist] [PATCH 2/3] ptxd_lib_imx_hab/template-barebox-imx-habv4/ptxdist-set-keys-hsm: convert to use the code signing group imx-habv4-srk Marc Kleine-Budde 2021-04-23 6:07 ` Michael Olbrich 2021-04-26 10:25 ` Roland Hieber 2021-04-12 16:19 ` [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing Marc Kleine-Budde 2021-04-23 6:33 ` Michael Olbrich
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox