From: Roland Hieber
To: ptxdist@pengutronix.de
Cc: Marc Kleine-Budde, Roland Hieber
Date: Mon, 28 Jun 2021 01:11:17 +0200
Message-Id: <20210627231121.28313-3-rhi@pengutronix.de>
In-Reply-To: <20210627231121.28313-1-rhi@pengutronix.de>
References: <20210627231121.28313-1-rhi@pengutronix.de>
Subject: [ptxdist] [PATCH v2 3/7] templates/code-signing-provider: set up the 'imx-habv4-srk' role group

From: Marc Kleine-Budde

Existing barebox-imx-habv4 recipes can still use the indexed 'imx-habv4-srk%d' roles to fetch the SRK keys, but for compatibility with HSM use cases that don't support indexed role names, set up a new role group that contains the roles.

Signed-off-by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
 - split off code signing provider template changes from library and consumer changes (see next patch) to make patches easier to port to existing code signing providers

PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-mkl@pengutronix.de
---
.../templates/code-signing-provider/ptxdist-set-keys-hsm.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh index bcd531d69572..b94eff049eac 100755 --- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh +++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh @@ -18,7 +18,7 @@ set_rauc_keys() { } set_imx_habv4_keys() { - local r + local r g # HSM use case, assuming it contains only 1st CSF/IMG key for i in 1 2 3 4; do @@ -28,6 +28,10 @@ set_imx_habv4_keys() { cs_append_ca_from_uri "${r}" done + g="imx-habv4-srk" + cs_define_group "${g}" + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4" + r="imx-habv4-csf1" cs_define_role ${r} cs_set_uri "${r}" "pkcs11:token=foo;object=csf1" -- 2.30.2
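
Review bot: in the second hunk of set_imx_habv4_keys(), the cs_group_add_roles call spells out "imx-habv4-srk1" through "imx-habv4-srk4" by hand, which duplicates the range of the `for i in 1 2 3 4` loop directly above it. A provider that copies this template and changes the loop range will end up with a group that no longer matches the roles it actually defined. Consider calling cs_define_group before the loop and adding each role inside it as the role is defined, for example cs_group_add_roles "${g}" "${r}", assuming the helper may be called once per role (only the multi-role form is visible here). A short comment above g="imx-habv4-srk" stating that the group exists for HSM setups that cannot use indexed role names would also help, since that reason currently lives only in the commit message and this file is a template that gets copied into other providers.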