ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper

Key providers now take care of calling the CA helpers. This makes sure
the CA is already present in pem format. Use that instead of extracting
and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
a dependency of template-barebox-imx-habv4.

Note: requires ptx-code-signing-dev 0.4 or later

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-7-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

1 files changed, 8 insertions, 8 deletions

diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index 034bf82b2..781c1b3f6 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() {
     local template="${1}"
     local table_bin="${pkg_build_dir}/imx-srk-table.bin"
     local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
-    local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")"
+    local -a certs
 
     echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
 
     for i in 1 2 3 4; do
-	local t=$(printf "${template}" "${i}")
-	local uri=$(cs_get_uri "$t")
+	certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
+    done
 
-	ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der &&
-	ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \
-	    -out ${tmpdir}/srk${i}.pem || break
-    done &&
+    local orig_IFS="${IFS}"
+    IFS=","
+    certs="${certs[*]}"
+    IFS="${orig_IFS}"
 
     ptxd_exec srktool --hab_ver 4 \
 	--table "${table_bin}" \
 	--efuses "${srk_fuse_bin}" \
 	--digest sha256 \
-	--certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
+	--certs "${certs}"
 }
 export -f ptxd_make_imx_habv4_gen_table_impl