From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: In-Reply-To: <20200515142641.812-7-bst@pengutronix.de> MIME-Version: 1.0 Message-Id: From: Michael Olbrich Date: Tue, 19 May 2020 14:23:40 +0200 Subject: Re: [ptxdist] [APPLIED] ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Bastian Krause Thanks, applied as f67dc22691a8671ea3306f768712d3185f453077. Michael [sent from post-receive hook] On Tue, 19 May 2020 14:23:40 +0200, Bastian Krause wrote: > Key providers now take care of calling the CA helpers. This makes sure > the CA is already present in pem format. Use that instead of extracting > and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer > a dependency of template-barebox-imx-habv4. > > Note: requires ptx-code-signing-dev 0.4 or later > > Signed-off-by: Bastian Krause > Message-Id: <20200515142641.812-7-bst@pengutronix.de> > Signed-off-by: Michael Olbrich > > diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in > index af3e599861bc..16258cbee833 100644 > --- a/rules/templates/template-barebox-imx-habv4-in > +++ b/rules/templates/template-barebox-imx-habv4-in > @@ -3,7 +3,6 @@ > config BAREBOX_@PACKAGE@ > tristate > select CODE_SIGNING > - select HOST_EXTRACT_CERT > select HOST_IMX_CST > prompt "Barebox (@package@)" > help > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh > index 034bf82b232a..781c1b3f610e 100644 > --- a/scripts/lib/ptxd_lib_imx_hab.sh > +++ b/scripts/lib/ptxd_lib_imx_hab.sh > @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { > local template="${1}" > local table_bin="${pkg_build_dir}/imx-srk-table.bin" > local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" > + local -a certs > > echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > for i in 1 2 3 4; do > - local t=$(printf "${template}" "${i}") > - local uri=$(cs_get_uri "$t") > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > + done > > - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && > - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ > - -out ${tmpdir}/srk${i}.pem || break > - done && > + local orig_IFS="${IFS}" > + IFS="," > + certs="${certs[*]}" > + IFS="${orig_IFS}" > > ptxd_exec srktool --hab_ver 4 \ > --table "${table_bin}" \ > --efuses "${srk_fuse_bin}" \ > --digest sha256 \ > - --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem > + --certs "${certs}" > } > export -f ptxd_make_imx_habv4_gen_table_impl > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de