author | Michael Olbrich <m.olbrich@pengutronix.de> | 2021-11-25 16:26:39 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2021-11-26 19:21:29 +0100 |
commit | 36984a531b3495bc8dc92d01ec3c99b79073d9c9 (patch) | |
tree | 66670c48e291377d347dbd747e314d16c741ebc4 | |
parent | 080a7d068a1f00e6042c7eda152caebf65946126 (diff) | |
image-rauc: add support for intermediate certificates
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | config/images/rauc.config | 5 | ||||
-rw-r--r-- | platforms/image-rauc.in | 8 | ||||
-rw-r--r-- | rules/image-rauc.make | 3 |
3 files changed, 13 insertions, 3 deletions
diff --git a/config/images/rauc.config b/config/images/rauc.config
index ddf40fb17..e4169cc8c 100644
--- a/config/images/rauc.config
+++ b/config/images/rauc.config
@@ -7,15 +7,16 @@ image @IMAGE@ {
 version=@RAUC_BUNDLE_VERSION@
 build=@RAUC_BUNDLE_BUILD@
 description=@RAUC_BUNDLE_DESCRIPTION@
-
+
 [bundle]
 format=@RAUC_BUNDLE_FORMAT@
-
+
 [image.rootfs]
 filename=root.tar.gz
 "
 cert = "@RAUC_CERT@"
 key = "@RAUC_KEY@"
 keyring = "@RAUC_KEYRING@"
+ intermediate = @RAUC_INTERMEDIATE@
 }
 }
diff --git a/platforms/image-rauc.in b/platforms/image-rauc.in
index 1c5967092..3835e0718 100644
--- a/platforms/image-rauc.in
+++ b/platforms/image-rauc.in
@@ -41,4 +41,12 @@ config IMAGE_RAUC_BUNDLE_FORMAT_VERITY
 endchoice
+config IMAGE_RAUC_INTERMEDIATE
+ bool "include intermediate certificates"
+ help
+ Include intermediate certificates in the bundle signature that
+ can be used to close the trust chain during bundle signature
+ verification. The certificates must be stored in the CA of the
+ "update-intermediate" role of the code signing provider.
+
 endif
diff --git a/rules/image-rauc.make b/rules/image-rauc.make
index d70114aa2..f7bed6e49 100644
--- a/rules/image-rauc.make
+++ b/rules/image-rauc.make
@@ -35,7 +35,8 @@ IMAGE_RAUC_ENV = \
 RAUC_BUNDLE_DESCRIPTION=$(PTXCONF_IMAGE_RAUC_DESCRIPTION) \
 RAUC_KEY="$(shell cs_get_uri update)" \
 RAUC_CERT="$(shell cs_get_uri update)" \
- RAUC_KEYRING="$(shell cs_get_ca update)"
+ RAUC_KEYRING="$(shell cs_get_ca update)" \
+ RAUC_INTERMEDIATE=$(call ptx/ifdef, PTXCONF_IMAGE_RAUC_INTERMEDIATE,'"$(shell cs_get_ca update-intermediate)"','{}')
 $(IMAGE_RAUC_IMAGE):
 @$(call targetinfo) |
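Review bot: The added `intermediate = @RAUC_INTERMEDIATE@` line in config/images/rauc.config is the only substitution in this block written without quotes, and nothing in the template says why. Judging from the rules/image-rauc.make hunk of the same commit, the placeholder expands either to an already quoted path or to `{}`, so quoting it here like `cert`, `key` and `keyring` would break the disabled case. A comment above the line would keep a later cleanup from "fixing" it, for example `# unquoted on purpose: replaced by a quoted CA path or by {} (no intermediates)`. The enclosing `image @IMAGE@ { … }` block starts outside the hunk.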
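Review bot: `$(shell cs_get_ca update-intermediate)` on the added RAUC_INTERMEDIATE line in rules/image-rauc.make runs whether or not PTXCONF_IMAGE_RAUC_INTERMEDIATE is set, because `$(call …)` expands every argument before `ptx/ifdef` picks one; a code signing provider without an "update-intermediate" role is therefore still queried. The built-in `$(if …)` expands only the branch it takes, e.g. `$(if $(PTXCONF_IMAGE_RAUC_INTERMEDIATE),'"$(shell cs_get_ca update-intermediate)"','{}')`, assuming the option is empty when disabled. With the option enabled, an empty result from the helper presumably ends up as `intermediate = ""` in the generated config, and a bundle signed without its intermediates would likely only be rejected at verification time on the target, so failing the build on an empty value is worth adding. The IMAGE_RAUC_ENV assignment begins before the hunk.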